[svlug] Configuring Server - SSH Trouble + Security Considerations

ericv ericv at cruzio.com
Fri Oct 27 12:10:00 PDT 2006


On Fri, 27 Oct 2006 09:06:42 -0700, Rick Moen wrote
> Quoting ericv (ericv at cruzio.com):
> 
> > That's why I always pushed content to my web wervers via SSH rather than allow
> > them to pull.  Similar for lightweight backup jobs.  Even though I locked them
> > down tight, they were always considered "ceremonially unclean".
> 
> Lightweight backup jobs and similar prespecified tasks _can_ safely 
> be initiated from the less-trusted end, using locked-down ssh keypairs.
> See:  "SSH Public-key Process" on http://linuxmafia.com/kb/Security/

I did not know you could specify certain authorized commands in the
authorized_keys file...  That's what I get for skimming manpages.

I still prefer the push/pull to initiate from the trusted end.  Call me paranoid.

--
Eric N. Valor
http://www.alsa.org
(sent from my web client)





More information about the svlug mailing list