"The way .ssh/authorized_keys is typically used is not secure.
Because using it securely is hard, and dumping in passwordless ssh
keys is easy. I spent about 5 hours today locking down my
"If you need to rsync multiple separate directories, it's easy
to find several documents involving a validate-rsync.sh. Do not
use, it is insecure--it allows rsync to be run with any parameters.
Including parameters that allow the remote system to rsync in a new
~/.ssh/authorized_keys. Oops. (You can probably also trick
validate-rsync.sh into running other arbitrary commands.) To be
secure, you have to check the rsync parameters against some form of
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.