Re: cfengine, firewall and security
From: Dan Bethe
Subject: Re: cfengine, firewall and security
Date: Fri, 10 Nov 2000 11:24:35 -0800 (PST)

> > That's a fine idea, Christopher. I'd like to add that rsync can use
> > ssh as its transport (--rsh=ssh) and that ssh can use RSA as its
> > authentication method. But I'm sure you knew that. :)
> >
>
> I am not convinced that there is a general understanding of why. As long
> as all source files are coming from a single common, trusted
> host, RSA doesn't provide anything that symmetric encryption does not

The only reason I mention RSA is because ssh can use it to do
encrypted passwordless authentication. If you do an 'ssh-keygen' on
the source host and put the resulting data in the target host's user's
~/.ssh/authorized_keys file, and then do a
'chmod u=wrx ~/.ssh && chmod u=rw ~/.ssh/*' then you can perform an
automatic login with an encrypted authentication, without having to
type a password. That's what you'd want for an encrypted file transfer
channel.

I'm very interested to see if ssh has a feature where it can encrypt
only the authentication and not the entire transmission. Sometimes I
want to copy a bunch of trivial data across a network that's fast
enough that encryption is a bottleneck.

=====
"Don't expect your own messiah; this neverworld which you desire is
only in your mind." -- http://www.dreamtheater.net/songb4.htm#IV5
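
The target-side steps described in the message above (install the public key in authorized_keys, then restrict permissions), as an added example that is not part of the original post. The function names `install_key` and `audit_ssh_dir` and the sample key are constructed for illustration; the audit assumes an OpenSSH sshd with StrictModes enabled, which refuses key files that group or others can write.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.

# install_key PUBKEY_FILE SSH_DIR
# Append the public key to SSH_DIR/authorized_keys exactly once and
# leave the directory and file accessible to the owner only.
install_key() {
    pub=$1 dir=$2
    # umask 077 so the directory is never created with wider access
    (umask 077 && mkdir -p "$dir") || return 1
    chmod 700 "$dir" || return 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x: match the whole line, -F: fixed string. Skip keys already listed.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# audit_ssh_dir SSH_DIR
# Report anything under SSH_DIR (the directory included) that group or
# others can write to. Returns 0 when clean, 1 when something was found.
audit_ssh_dir() {
    bad=$(find "$1" \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] && return 0
    printf 'group/world-writable: %s\n' "$bad" >&2
    return 1
}

# Demo on a scratch directory with a constructed (not real) public key.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEY rsync@source' > "$tmp/id.pub"
    install_key "$tmp/id.pub" "$tmp/.ssh"
    install_key "$tmp/id.pub" "$tmp/.ssh"      # second run adds nothing
    audit_ssh_dir "$tmp/.ssh" && echo "clean after install"
    chmod g+w "$tmp/.ssh/authorized_keys"      # simulate a loosened mode
    audit_ssh_dir "$tmp/.ssh" || echo "audit flagged the loosened file"
    rm -rf "$tmp"
}
demo
```

Running `audit_ssh_dir ~/.ssh` on the target host before relying on an unattended rsync job catches the case where the key is installed but sshd silently falls back to password authentication.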