On Fri, 15 Feb 2002, Reckhard, Tobias wrote: :Instead, I'd use rsync with SSH as transport to automatically push the :necessary portions of the file system from the internal file server to the :DMZ server and configure the latter to use the local copies. Rsync is better :than scp here, because it only copies the necessary files and even those :only incementally. IIRC, it can also delete files on the target host that :don't exist anymore on the source host. The use of SSH gives you good :authentication (public/private keys) and ensures data integrity in flow. :Using public/private key authentication, you can also restrict the commands :that can be performed on the DMZ host when a specific key is used to :authenticate, which can come in handy.
agreed, rsync over ssh is a good and a fairly common way to push data from inner to more outer security perimeters. in addition to the ssh server configuration, careful use and configuration of the authentication agent may make it reasonable to do this unattended. _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
