Mailinglist Archive: opensuse-security (511 mails)

< Previous Next >
Re: [suse-security] automatic backups over ssh/scp
  • From: <listuser@xxxxxxxxxxxx>
  • Date: Fri, 3 Aug 2001 10:49:37 -0600 (MDT)
  • Message-id: <Pine.LNX.4.33.0108031046040.6447-100000@xxxxxxxxxxxxxxxxxx>
You can push and pull files for backups. I.e. have the backup server login
to a client machine via ssh and pull files. Or the client can push the
backups to the server. If you want authentication at some point you have
to place some sort of shared [secret] (doesn't have to be secret secret)
on the machines (password, public key, root X.509 cert, etc.).

As for transfering sensitive informaiton over the Internet being a no-no
that is poppy cock. In most cases the Internet routing infrastructure (all
those honking great juniper and cisco machines) are a lot harder to break
into and use to sniff traffic then simply breaking into one of the
endpoints typically. IPSec anyone?

Still looking for someone to show me good bars in Berlin.

-Kurt

On Fri, 3 Aug 2001, Ken Schneider wrote:

> semat wrote:
> >
> > > > That depends on the situation. The private keys are on the SSH client
> > > > machine, so if that is more secure than the SSH server, the setup is more
> > > > secure than with passwords being on the server.
> >
> > We have lost the point here. <<<---- L O O K
>
> Are both of these machines behind the firewall? Do we assume that the
> attacker knows about this script and his only purpose is find this
> script in hopes that it has a plain text password in it?
> If this data is that sensitive it should NOT be transfered through the
> internet in the first place. If it is a intranet transfer and there is
> that much concern about security I would use some other (more secure)
> means of transfer and find out who the attacker is and have appropriate
> action taken against this individual (dismissal).
>
>


< Previous Next >
List Navigation
References