On Thu, Nov 12, 2009 at 12:04:07PM +0000, Tyler J. Wagner wrote:

> > How is that easier than just sending the single line:
> > BackupPC_serverMsg backup HOSTIP HOST 0/1
> > 
> > You will need to have ssh connection or vpn anyway if you are
> > remote.
> 
> It's not easier, but it is more secure.  Assuming you have a reachable IP 
> link 
> from server to client (IE, no NAT), using HTTP auth as the user is far safer 
> than leaving SSH keys on the client that can SSH into the server.

Well, there is one very safe way to use ssh-keys into the server: Limit
the command to execute via authorized_keys. That way, _only_ the command
you gave within the authorized_keys file will be executed by sshd, no
matter what you try.

For example, we use the following for establishing a one-port ssh-tunnel
with keepalive:
command="while read ; do echo $REPLY ; 
done",no-agent-forwarding,no-X11-forwarding,no-pty,permitopen="127.0.0.1:1234" 
ssh-dss AAAAB3...

On the server side we have running
  while read -t 70 ; do echo -n . ; done | ssh -R1234:localhost:abc $targethost

HTH,

Tino.

-- 
"What we nourish flourishes." - "Was wir nähren erblüht."

www.lichtkreis-chemnitz.de
www.tisc.de

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/