On Sat, 7 Apr 2001, L. Cranswick wrote:

> > So I recompiled OpenSSH to use a different port, and have a different name
> > (BrokenSSH, or "bs" for short).  I installed it on the receiving box in a
> > chrooted environment, configured its sshd_config and ran it through tcp
> > wrappers so that only one account could be accessed from only one
> > IP.  Then I just called it on the sending box with rsync's -e
> > switch.  rsync -varpogte bs --stats /var/www/ incoming@mirror:/var/www/
> Are there any good tutorials on this?

Not yet.  :)  But, I might be persuaded to write one.  Although, most
people don't like the documentation I write, because my tendency would be
to just make an RPM of the modified SSH rather than to write a HOWTO.

> One thing that is rarely stated is the amount of time and extra effort
> needed to set things up.  While in theory, users could be tunnelling 
> FTP and Rsync via SSH to update files - how many users do this?
> I don't think I have persuaded one person to do this - they all
> think it too inconvenient - too much new stuff to learn - and it
> takes discipline to stick with it.

All my users.  I'm mean.  But, every single user that I've taught
ssh/scp/rsync to has found them easier to use than telnet/ftp.  I think
it's all in the delivery - Most people teach SSH with "It might sound more
complicated, but it's more secure," while I start off with "This is a lot
easier once you've done it once or twice, and it's more secure too!"

> (Many of these secure techniques also assume admin rights on the remote 
> machine. Or that the remote admin has plenty of time to spend helping out
> on these things.  Both flawed assumptions.)

Yup.  I can't count the number of times I've installed sshd in my homedir
on someone else's box that didn't want to run it.  The only problem is
that I have to make it listen on a higher port.  But it gets really scary
when I do this and the admins don't notice.  I tell them, of course, but I
think a good admin should be able to notice this stuff on their own.

-- 
Rob Russell               Senior Systems Analyst
613-224-6676 x332            N-able Technologies
fax: 613-228-1399        http://www.N-ableIT.com
877-655-4689               [EMAIL PROTECTED]
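The setup quoted at the top of this message (a separately built sshd on an alternate port, the receiving account limited to one client address by tcp wrappers, and rsync driven through it with -e) as an added example; this is not code from the thread or from Rob's RPM. A small wrapper script stands in for the renamed "bs" binary, and the port (2222), key path, chroot directory, client address (192.0.2.10) and the Match/hosts.allow fragments are all assumptions, not values from the message.

```shell
#!/bin/sh
# Added example, not from the original thread. Sending-side wrapper plus the
# receiving-side access restrictions described in the quoted message.
# Port 2222, the key path, /srv/mirror and 192.0.2.10 are assumed placeholders.

# Write a 'bs' wrapper that pins ssh to the alternate port and a dedicated key.
# BatchMode makes an unattended rsync fail fast instead of waiting on a prompt.
make_bs_wrapper() {
  dir="$1"
  cat > "$dir/bs" <<'EOF'
#!/bin/sh
# Stand-in for the renamed sshd client; port and key path are assumptions.
exec ssh -p 2222 -i "$HOME/.ssh/mirror_key" -o BatchMode=yes "$@"
EOF
  chmod 755 "$dir/bs"
}

# The rsync invocation from the message. -e is the last bundled flag because
# it consumes the next argument (here the transport program) as its value.
rsync_cmd() {
  printf 'rsync -varpogte %s --stats /var/www/ incoming@mirror:/var/www/' "$1"
}

# Receiving side, sshd_config fragment: alternate port, and the 'incoming'
# account confined to key-based, non-interactive use with no tunnels.
# ChrootDirectory and PermitTTY need a newer OpenSSH than the 2001 build
# discussed in the thread; the 2001 setup used an external chroot instead.
sshd_match_block() {
  cat <<'EOF'
Port 2222
Match User incoming
    ChrootDirectory /srv/mirror
    PasswordAuthentication no
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
EOF
}

# tcp_wrappers: hosts.allow admits one client address to this sshd and
# hosts.deny rejects everyone else. The address is a documentation-range
# placeholder for the sending box.
hosts_allow_rule() {
  printf '# /etc/hosts.allow\nsshd: 192.0.2.10\n'
}
hosts_deny_rule() {
  printf '# /etc/hosts.deny\nsshd: ALL\n'
}

# Stand-alone run: print what would be deployed on each side.
if [ "${1:-}" = "show" ]; then
  sshd_match_block
  hosts_allow_rule
  hosts_deny_rule
  rsync_cmd bs
  echo
fi
```

Run it with `sh example.sh show` to see the fragments; the wrapper is written by `make_bs_wrapper DIR` and must sit on the sending box's PATH so rsync's `-e bs` can find it. Keeping the restrictions on the receiving side (Match block plus hosts.allow/hosts.deny) rather than in the client wrapper is what limits the blast radius of a lost key to one account, one source address and one directory tree.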

