Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] moving files remotely



>>>>> "Matt" == Matt Doughty <mdoughty@example.com> writes:

    Matt> haven't been able to come up with a security scheme I am
    Matt> particularly happy with when implementing rsync.  Haven't
    Matt> looked very hard either though.

If it needs to be automated, I'd suggest a dedicated ssh key with
ssh-agent running.  The only place the ssh public key should ever be
found is following a "command=rsync..." spec in authorized_keys.

I suppose you could be forced to DoS yourself if somebody got hold of
the private key, or knew how to crack the agent.

Any other worries imply they're already infesting the remote box,
you've got bigger problems than them burying trojans in your rsync
channel.

-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
 My nostalgia for Icon makes me forget about any of the bad things.  I don't
have much nostalgia for Perl, so its faults I remember.  Scott Gilbert c.l.py


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links