UT Austin/ACITS                         +1 512 471 2449 (f)

On Sun, 20 Aug 2000, Russell Nelson wrote:

  Yes.  I've got four customers on support contracts with clustered SMTP
  servers who need/want better reporting.  Need to get the log files
  over to another machine.  Could use ssh, but it's better (more secure)
  to run a program which just transfers log file entries.
  
Sorry to reply to this thread so late, I'm catching up on old list
mail.

It would be very much more secure to use SSH. Just create a
'logselect' user on the system holding the logs.  Use the 'command='
qualifier in ~logselect/.ssh/authorized_keys to specify that the
logselect program is to be run, perhaps after fiddling some file
descriptors to be compatible with tcpserver conventions.

The only restriction is that this only works when the requesting
side is using RSA authentication, not RSARhosts or any of the
others.  I consider that a plus.

Thus, you get the strong authentication, privacy, and integrity of
SSH without giving the remote entity unrestricted shell access.

-- Jeff
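
The forced-command setup described in the message above, as an added example that is not part of the original post or of any logselect distribution. The wrapper path, the `--serve` flag, the logselect install path and the key placeholder are assumptions, as is logselect speaking over stdin/stdout the way a tcpserver-launched program does.

```shell
#!/bin/sh
# Forced-command wrapper for a restricted 'logselect' account (added example).
# Assumed ~logselect/.ssh/authorized_keys entry, all on one line (key is a placeholder):
#   command="/usr/local/libexec/logselect-wrapper --serve",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER> reports@collector

LOGSELECT=${LOGSELECT:-/usr/local/bin/logselect}   # hypothetical install path

# sshd stores whatever the client asked to run in SSH_ORIGINAL_COMMAND.
# This key exists only to start logselect, so any request text is refused.
request_allowed() {
    [ -z "${SSH_ORIGINAL_COMMAND:-}" ]
}

# Map sshd's SSH_CONNECTION ("client-ip client-port server-ip server-port")
# onto the environment variables tcpserver would have exported.
tcp_env_from_ssh() {
    read -r rip rport lip lport extra <<EOF
${SSH_CONNECTION:-}
EOF
    [ -n "$lport" ] && [ -z "$extra" ] || return 1
    PROTO=TCP
    TCPREMOTEIP=$rip TCPREMOTEPORT=$rport TCPLOCALIP=$lip TCPLOCALPORT=$lport
    export PROTO TCPREMOTEIP TCPREMOTEPORT TCPLOCALIP TCPLOCALPORT
}

serve() {
    if ! request_allowed; then
        echo "logselect-wrapper: client-supplied command refused" >&2
        return 1
    fi
    if ! tcp_env_from_ssh; then
        echo "logselect-wrapper: not started by sshd" >&2
        return 1
    fi
    # stdin/stdout are already the SSH channel, which matches tcpserver's
    # fd 0/1 convention; run only the fixed program, with no arguments.
    exec "$LOGSELECT"
}

# Only act when invoked the way the authorized_keys entry invokes it.
if [ "${1:-}" = "--serve" ]; then
    serve
fi
```

The client side then needs nothing beyond the private key: whatever command it names, sshd runs the wrapper instead.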

