help-cfengine

Re: running cfengine across firewall


From: Mark . Burgess
Subject: Re: running cfengine across firewall
Date: Mon, 31 Jan 2005 14:51:37 +0100 (MET)


On 31 Jan, Russell Adams wrote:
> What's that famous OSS quote?
> 
> "Before many eyes, all bugs are shallow."
> 
> I don't mind using an application specific protocol on a LAN, but on
> the internet I prefer to use a widespread protocol. Perhaps it's the
> hiding in a crowd mentality, or the hope that with huge numbers of
> people relying on SSH, holes will be found quickly and fixed.
> 
> Really, cfservd is a lot easier.
> 
> It just occurred to me, but maybe we can tunnel cfservd (tcp port 5308?)
> over stunnel or a traditional SSH tunnel. That would rock!

What makes you think ssh is safer? Cfengine uses the same basic
protocol as ssh, but without all the complicating options.
 
> I wonder what type of key issues would be involved connecting to
> localhost for everything. Can we dynamically set port numbers for
> cfservd connections? That would cinch it!
> 
> On a different security related note, I wish that cfengine supported
> GPG. I don't care where my configs get downloaded from, only that they
> are signed as coming from the proper administrator to prevent
> tampering. Does anyone else see this as useful?


Lots of things that will have equivalent solutions in future versions.

M

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



