Rsync.net, mounting, and “security”

jwink3101 · August 26, 2024, 3:57pm

On the rclone page of rsync.net, they claim:

We do not support 'rclone serve' or 'rclone mount' for security reasons.

I thought surly this meant you couldn't call rclone mount on their remote shell but according to thier support, they don't allow you to rclone mount their SFTP remote. Support noted that SSHFS was acceptable.

This leaves me to wonder a few things:

How can they tell on the server side if you are syncing or mounting. I guess they could guess based on some behavior but I can't imagine it being accurate
Is anyone aware of what "security" (the use of quotes intentional) issues they may be referring to? And how could SSHFS be okay but rclone not?
Does anyone have experience with them? I am not looking to switch but I am always curious.

Thanks

asdffdsa · August 26, 2024, 4:06pm

hi,

yes, i have been using them for about 7+ years.

rsync.net does not allow login over ssh, no access to command line, no way to install/run rclone.

i also use hetzner storagebox, which does allow login but very locked down

+------------------------------------------------------------------+
| Welcome to your Storage Box.                                     |
|                                                                  |
| Please note that this is only a restricted shell environment and |
| therefore some shell features like pipes and redirects are not   |
| supported.                                                       |
+------------------------------------------------------------------+

but they do offer limited access to rclone serve

Available as server side backend:                                             |
|   borg                                                                      |
|   rsync                                                                     |
|   scp                                                                       |
|   sftp                                                                      |
|   rclone serve restic --stdio

jwink3101 · August 26, 2024, 4:33pm

Are you able to rclone mount the rsync.net remote? Do they somehow block it? Or is it one of those policy things that don't have teeth?

asdffdsa · August 26, 2024, 4:38pm

sure, same as with any sftp remote.

[rsync]
type = sftp
host = redacted.rsync.net
user = redacted
key_file = c:\data\c\combined\rsync\keys\profile2\id_ed25519
md5sum_command = md5 -r
sha1sum_command = sha1 -r
shell_type = unix

DEBUG : rclone: Version "v1.67.0" starting with parameters ["c:\\data\\rclone\\rclone.exe" "mount" "rsync:" "b:\\rclone\\mount\\rsync" "--log-file=.\\log.mount.rsync.txt" "--log-level=DEBUG"]
DEBUG : Creating backend with remote "rsync:"
DEBUG : Using config file from "c:\\data\\rclone\\rclone.conf"
DEBUG : sftp://redacted@redacted.rsync.net:22/: New connection 192.168.62.6:54076->216.66.77.203:22 to "SSH-2.0-OpenSSH_9.7-hpn14v15 FreeBSD-openssh-portable-9.7.p1_2,1"
DEBUG : sftp://redacted@redacted.rsync.net:22/: Shell type "unix" from config
DEBUG : sftp://redacted@redacted.rsync.net:22/: Relative path resolved to "/data2/home/redacted"
DEBUG : sftp://redacted@redacted.rsync.net:22/: Using root directory "/data2/home/redacted"
INFO  : sftp://redacted@redacted.rsync.net:22/: poll-interval is not supported by this remote
DEBUG : Network mode mounting is disabled
DEBUG : Mounting on "b:\\rclone\\mount\\rsync" ("rsync")
DEBUG : sftp://redacted@redacted.rsync.net:22/: Mounting with options: ["-o" "attr_timeout=1" "-o" "uid=-1" "-o" "gid=-1" "--FileSystemName=rclone" "-o" "volname=rsync"]
DEBUG : sftp://redacted@redacted.rsync.net:22/: Init: 
DEBUG : sftp://redacted@redacted.rsync.net:22/: >Init: 
DEBUG : /: Statfs: 
DEBUG : sftp://redacted@redacted.rsync.net:22/: Server has VFS statistics extension
DEBUG : sftp://redacted@redacted.rsync.net:22/: About path "/data2/home/redacted"
DEBUG : /: >Statfs: stat={Bsize:4096 Frsize:4096 Blocks:32296140 Bfree:28177348 Bavail:28177348 Files:1000000000 Ffree:1000000000 Favail:0 Fsid:0 Flag:0 Namemax:255}, errc=0
DEBUG : /: Getattr: fh=0xFFFFFFFFFFFFFFFF
DEBUG : /: >Getattr: errc=0
DEBUG : /: Readlink: 
DEBUG : /: >Readlink: linkPath="", errc=-40
DEBUG : /: Getxattr: name="non-existant-a11ec902d22f4ec49003af15282d3b00"
DEBUG : /: >Getxattr: errc=-40, value=""
The service rclone has been started.

jwink3101 · August 26, 2024, 4:50pm

This is what I expected and was confused when they indicated that they didn't allow it. I didn't understand how they could block it even if they wanted to!

Glad to hear I am not crazy. Or at least not for this.

kapitainsky · August 26, 2024, 4:53pm

they do not allow to run rclone mount nor rclone serve on their server.

What and how you run on your computer is not something they can even control.

asdffdsa · August 26, 2024, 5:27pm

yeah, at least for that ;wink

asdffdsa · August 26, 2024, 6:31pm

for me, i have mostly switched away.
just curious, why switch to rsync.net and what would you be switching from?

jwink3101 · August 26, 2024, 6:34pm

I may not have been clear. I do not currently use rsync.net and don't plan to.

While the rclone pricing is competative ($8/Tb/month), it isn't compelling over B2 ($6/Tb/Month + minor API).

This question was really just about curiosity (or, really, incredulity) of them not allowing mounting the remote and whether they actually could, or would do so