[svlug] Configuring Server - SSH Trouble + Security Considerations
ericv
ericv at cruzio.com
Fri Oct 27 12:10:00 PDT 2006
On Fri, 27 Oct 2006 09:06:42 -0700, Rick Moen wrote
> Quoting ericv (ericv at cruzio.com):
>
> > That's why I always pushed content to my web wervers via SSH rather than allow
> > them to pull. Similar for lightweight backup jobs. Even though I locked them
> > down tight, they were always considered "ceremonially unclean".
>
> Lightweight backup jobs and similar prespecified tasks _can_ safely
> be initiated from the less-trusted end, using locked-down ssh keypairs.
> See: "SSH Public-key Process" on http://linuxmafia.com/kb/Security/
I did not know you could specify certain authorized commands in the
authorized_keys file... That's what I get for skimming manpages.
I still prefer the push/pull to initiate from the trusted end. Call me paranoid.
--
Eric N. Valor
http://www.alsa.org
(sent from my web client)
More information about the Svlug
mailing list