On Thu, Nov 12, 2009 at 12:04:07PM +0000, Tyler J. Wagner wrote:
> > How is that easier than just sending the single line:
> > BackupPC_serverMsg backup HOSTIP HOST 0/1
> >
> > You will need to have ssh connection or vpn anyway if you are
> > remote.
>
> It's not easier, but it is more secure. Assuming you have a reachable IP
> link
> from server to client (IE, no NAT), using HTTP auth as the user is far safer
> than leaving SSH keys on the client that can SSH into the server.
Well, there is one very safe way to use ssh-keys into the server: Limit
the command to execute via authorized_keys. That way, _only_ the command
you gave within the authorized_keys file will be executed by sshd, no
matter what you try.
For example, we use the following for establishing a one-port ssh-tunnel
with keepalive:
command="while read ; do echo $REPLY ;
done",no-agent-forwarding,no-X11-forwarding,no-pty,permitopen="127.0.0.1:1234"
ssh-dss AAAAB3...
On the server side we have running
while read -t 70 ; do echo -n . ; done | ssh -R1234:localhost:abc $targethost
HTH,
Tino.
--
"What we nourish flourishes." - "Was wir nähren erblüht."
www.lichtkreis-chemnitz.de
www.tisc.de
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|