And, just making sure I have this right, if I copy a file from a server with this command:
$ rsync :~/credit_card_numbers.txt ./[Not that I actually have that file on my server--just an example of confidential docs x-D ]The .txt file [or any kind of file] would not be sent in plaintext, but would be encrypted? With my Key file or something in ~/.ssh, right? And nobody snooping on the connection [gov, people on my network, etc etc] would be able to view the file?
2 Answers
A randomly generated, symmetric session key is used for encrypring the communication between client and server. During the connection the key is shared by both parties, when the session ends, the key is destroyed.
SSH version 1 (SSH-1) uses only a single key, while SSH-2 has several: each direction (client->server, server->client) and others for integrity checking.
SSH-2 provides a way for either side of an SSH connection to initiate a re-keying ("Session rekeying"), causing client and server to negotiate new session keys.
Source: O'REILLY - SSH The Definitive Guide
As EightBitTony mentioned, use scp.
rsync might not be encrypted. It usually runs over ssh by default (and hence is encrypted) if it's not talking to an rsync server, but it might have been configured / compiled to use rsh or some other remote shell.
ssh (and scp, which runs over SSH) is encrypted using public/private key encryption, nothing that travels over the connection can be interpreted without access to the private keys. People are prevented from not only reading the contents of the file, but from knowing you're even transferring one, they can just see encrypted traffic.
To be sure, you can use,
rsync -e ssh ..................... 0