On Thu, Nov 12, 2009 at 12:04:07PM +0000, Tyler J. Wagner wrote: > > How is that easier than just sending the single line: > > BackupPC_serverMsg backup HOSTIP HOST 0/1 > > > > You will need to have ssh connection or vpn anyway if you are > > remote. > > It's not easier, but it is more secure. Assuming you have a reachable IP > link > from server to client (IE, no NAT), using HTTP auth as the user is far safer > than leaving SSH keys on the client that can SSH into the server.
Well, there is one very safe way to use ssh-keys into the server: Limit the command to execute via authorized_keys. That way, _only_ the command you gave within the authorized_keys file will be executed by sshd, no matter what you try. For example, we use the following for establishing a one-port ssh-tunnel with keepalive: command="while read ; do echo $REPLY ; done",no-agent-forwarding,no-X11-forwarding,no-pty,permitopen="127.0.0.1:1234" ssh-dss AAAAB3... On the server side we have running while read -t 70 ; do echo -n . ; done | ssh -R1234:localhost:abc $targethost HTH, Tino. -- "What we nourish flourishes." - "Was wir nähren erblüht." www.lichtkreis-chemnitz.de www.tisc.de ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ BackupPC-users mailing list [email protected] List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
