X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/715e72778416c14556cb60b7aeadfdaade13c581..4c3d16be50ebe52e51383e396a641448c4ba00c0:/rsyncd.conf.yo

diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo
index a7843670..8b741b0b 100644
--- a/rsyncd.conf.yo
+++ b/rsyncd.conf.yo
@@ -227,6 +227,23 @@ The default is no "hosts deny" option, which means all hosts can connect.
 
 enddit()
 
+manpagesection(AUTHENTICATION STRENGTH)
+
+The authentication protocol used in rsync is a 128 bit MD4 based
+challenge response system. Although I believe that no one has ever
+demonstrated a brute-force break of this sort of system you should
+realise that this is not a "military strength" authentication system.
+It should be good enough for most purposes but if you want really top
+quality security then I recommend that you run rsync over ssh.
+
+Also note that the rsync server protocol does not currently provide any
+encryption of the data that is transferred over the link. Only
+authentication is provided. Use ssh as the transport if you want
+encryption.
+
+Future versions of rsync may support SSL for better authentication and
+encryption, but that is still being investigated.
+
 manpagesection(EXAMPLES)
 
 A simple rsyncd.conf file that allow anonymous rsync to a ftp area at