On Sun, Dec 11, 2005 at 04:37:12PM -0800, Paddy Sreenivasan wrote: > > [1] You need client-side encryption if you don't want your data flowing > > unencrypted over the network. > You can use ssh for server/client communication and server side data > encryption.
While this is possible, I don't like it because it has two disadvantages: 1. You need to set up keys for both, ssh _and_ amanda. 2. You need to set up ssh keys either by storing the passphrase in cleartext or use ssh-agent. Using ssh-agent has security-flaws, too. In addition, with ssh-agent, you will need to type the passphrase at least once after every reboot. Not very suitable for a fully-automated backup-system, IMHO. When you use a public key on the client to encrypt, you can lock away the private key in a secure place. Both, transport _and_ storage will be encrypted with such a setup. -- No software patents in Europe -- http://nosoftwarepatents.com -- Josef Wolf -- [EMAIL PROTECTED] --
