[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cfengine, firewall and security

From: Dan Bethe
Subject: Re: cfengine, firewall and security
Date: Fri, 10 Nov 2000 11:24:35 -0800 (PST)

> >     That's a fine idea, Christopher.  I'd like to add that rsync can
> use
> > ssh as its transport (--rsh=ssh) and that ssh can use RSA as its
> > authentication method.  But I'm sure you knew that.  :)
> > 
> I am not convinced that there is a general understanding of why. As
> long
> as all source files are coming from a single common, trusted
> host, RSA doesn't provide anything that symmetric encryption does not

        The only reason I mention RSA is because ssh can use it to do
encrypted passwordless authentication.  If you do an 'ssh-keygen' on
the source host and put the resulting data in the target host's user's
~/.ssh/authorized_keys file, and then do a 'chmod u=wrx ~/.ssh && chmod
u=rw ~/.ssh/*' then you can perform an automatic login with an
encrypted authentication, without having to type a password.  That's
what you'd want for an encrypted file transfer channel.
        I'm very interested to see if ssh has a feature where it can encrypt
only the authentication and not the entire transmission.  Sometimes I
want to copy a bunch of trivial data across a network that's fast
enough that encryption is a bottleneck.

"Don't expect your own messiah; this neverworld which you desire is
only in your mind." --

Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one Place.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]