@vaporeon_ i’m tempted to say not necessarily; most of the issues are with the client being able to be tricked by a misbehaving server (or proxy)

@aescling Ah, OK, so if I only regularly rsync between my own computers, then things are fine, even if one of those computers and its sshd is exposed to the global Internet?

@vaporeon_ that is what it seemed like to me

@vaporeon_ you can get the server to leak purrivate info like environment variables, but if you’re only running the dæmon behind SSH then you have way bigger purroblems if somebody is successfully taking advantage of that