[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Copy slower than rsync Re: Bugs and features
|
From: |
Nate Campi |
|
Subject: |
Re: Copy slower than rsync Re: Bugs and features |
|
Date: |
Fri, 8 Nov 2002 11:10:12 -0800 |
|
User-agent: |
Mutt/1.3.28i |
On Fri, Nov 08, 2002 at 07:42:20PM +0100, Adrian Phillips wrote:
> >>>>> "Nate" == Nate Campi <nate@campin.net> writes:
>
> Nate> Unless you mean ssh using public key or kerberos or S/Key
>
> I meant ssh with public key. I'm interested as to how cfengine's key
> system is "better" then ssh's.
http://www.cfengine.org/confdir/copyv2.html
Basically, key distribution suffers from the same chicken-and-egg
problem that SSH does in regard to host keys. Once you have your keys
distributed, however, cfengine authenticates both parties, not just one
side. I know ssh clients check the server's known host key, but this is
not two-way public-key auth like cfenine performs.
I'm glad Mark chose to do it the way he did.
> Nate> auth then this is not security. Even then, you have
> Nate> encryption and good authentication, which is mostly one way.
>
> Nate> rsync's server could be made "secure" with IPSec and packet
> Nate> filtering, so that you *know* the host it's originating from
> Nate> and filtering out all others. You can't just say "rsync's
> Nate> server is insecure and rsync over ssh is secure", because it
> Nate> leaves out too much.
>
> Well, standard rsync server is relatively "insecure", is it not. No
> public key, no hijacking checking (if that is the correct term for
> it). I was under the impression that ssh is recommended because it is
> relatively secure if used "properly".
Yeah, I'm not attacking you. It's simply that too many people don't
*think* about security. They use SSH to log in and SSL to encrypt
sessions, but they email credit card info that's collected over HTTPs
and use their SSH account password for plaintext IMAP access across the
internet.
I see this stuff all the time, and people don't realize what they're
doing. My point is that SSH can be insecure and "rsyncd" can be sure,
and blanket statements about SSH being secure cannot be made.
--
Nate Campi http://www.campin.net
"The number of the beast - vi vi vi."
pgpOfdtHEzm8P.pgp
Description: PGP signature
- Copy slower than rsync Re: Bugs and features, Adrian Phillips, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Mark Burgess, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Adrian Phillips, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Mark Burgess, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Nate Campi, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Adrian Phillips, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features,
Nate Campi <=
- Re: Copy slower than rsync Re: Bugs and features, Mark . Burgess, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Adrian Phillips, 2002/11/08
- Re: Copy slower than rsync Re: Bugs and features, Mark . Burgess, 2002/11/08
Re: Copy slower than rsync Re: Bugs and features, Ted Zlatanov, 2002/11/08