On Monday 20 April 2009 14:59:55 cpghost wrote:
> On Mon, Apr 20, 2009 at 12:46:05PM +0200, Wojciech Puchar wrote:
> > use rsh not ssh unless you really need encryption.
>
> Sure, you *could* do that, but be sure to encrypt *and* sign the
> backup stream beforehand, e.g. using openssl or gnupg... And even
> then, anyone sniffing that poorly encrypted (at layer 2) wireless LAN
> connection could still hijack the password, log into the backup host,
> and delete or corrupt the (encrypted) dump files.
>
> Perhaps it's better to use ssh anyway, even for encrypted and signed
> dump files. Creating and transfering a couple of key files to the
> clients and backup host and using ssh(1) is not hard. Really not. ;-)

But doesn't use full network capacity. Closed circuit LAN's (yes, they still 
do exist) don't need ssh, but a level 0 dump of several TB of data does need 
full lan speed.
-- 
Mel
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to