Thank you very much! It’s clear now!
Quick question on Syncthing over SSH.
In this case, the authentication is based on the SSH protocol performed by OpenSSH. Suppose that a key is leaked, or is weak (due to a bad random number generator or various other problems) and is broken. In the case of SSH, SSH provides a shell and the packets go to the shell. In the case of Syncthing, what would be the fate of a packet that passes the authentication?
It seems that Syncthing provides a more restricted environment post-authentication than SSH. It seems that, from the perspective of Syncthing, authentication by an attacker would only provide access to the data in the folders synced by Syncthing and nothing more (in other words, data in other folders is still safe and commands cannot be executed). Or could the authenticated packets be diverted to get a shell in the user space?
This could be an important advantage for Syncthing. It also means that running Syncthing in an isolated environment like Docker provides no additional safety, since it’s already isolated in some sense?