I have recently switched to an apache / SuSE setup for my webserver and I am looking for some ideas on how to update it remotely. I have my internal network protected with an LRP box so configuration on the router / firewall is very limited. I wish to do this as securely as possible. I do have the sshd setup on the router so I can SSH into that and then telnet to any internal boxes, one of which is the webserver (I didnt have room to install the ssh client on router). I will be updating it from either Windows or other Linux boxes. Anyone have any thoughts on the best way to address this? Thanks! CK -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On 19 Jun 2000, at 19:52, NOC - Kulish wrote:
I have recently switched to an apache / SuSE setup for my webserver and I am looking for some ideas on how to update it remotely.
I have my internal network protected with an LRP box so configuration on the router / firewall is very limited. I wish to do this as securely as possible. I do have the sshd setup on the router so I can SSH into that and then telnet to any internal boxes, one of which is the webserver (I didnt have room to install the ssh client on router).
The most secure way would be to install ssh on the linux boxes and use sftp or scp to update. Datafellows makes an ssh client for 'doze, but it costs ~$120 (US). If you don't want to spend the money, you can install samba on the webserver. It's nowhere near as secure as ssh, but at least passwords are encrypted. If other users are updating from 'doze boxes, samba has the other advantage of looking like a Windoze share, so there's really no training involved for your users. Cheers, Dennis "Custard pies are a sort of esperanto: a universal language." --Noel Godin -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
NOC - Kulish tapped away at the keyboard with:
I have recently switched to an apache / SuSE setup for my webserver and I am looking for some ideas on how to update it remotely.
I have my internal network protected with an LRP box so configuration on the router / firewall is very limited. I wish to do this as securely as possible. I do have the sshd setup on the router so I can SSH into that and then telnet to any internal boxes, one of which is the webserver (I didnt have room to install the ssh client on router).
I will be updating it from either Windows or other Linux boxes.
Have you considered rsync? You can run an unprivileged rsync server with custom authentication (i.e. your own username domain space with passwords). The worst damage that could be done is to the filespace that's defined by the rsync server. Unfortunately, it's not encrypted AFAIK. You may be able to set up a port on the router to connect straight to the corresponding rsync server port. -- Bernd Felsche - Innovative Reckoning Perth, Western Australia -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
On Mon, 19 Jun 2000, NOC - Kulish wrote:
I have recently switched to an apache / SuSE setup for my webserver and I am looking for some ideas on how to update it remotely.
I have my internal network protected with an LRP box so configuration on the router / firewall is very limited. I wish to do this as securely as possible. I do have the sshd setup on the router so I can SSH into that and then telnet to any internal boxes, one of which is the webserver (I didnt have room to install the ssh client on router).
I will be updating it from either Windows or other Linux boxes.
Anyone have any thoughts on the best way to address this?
Thanks!
CK
I'd use scp, the secured copy program that comes with ssh. you mention that you dont have ssh on your router, and this is not a problem. you can use IP port forwarding to make a direct ssh forward to your internal boxes. i usually setup the port forward on an obscure port, like 15432. then when i try to ssh to that port on the firewall, it gets forwarded to the internal box, but is transparent. "ssh -l rocky -p 15432 firewall.mycompany.com" openssh, pine, aterm: these are the things i cant live without...:) -- Rocky McGaugh rmcgaugh@atipa.com -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
I think I like this idea the best out of all the replies I received on this subject. Thanks to everyone that repllied!! Now, for my next (SOL) question. Has anyone ever used pscp (Putty scopy) successfully under windows? I cant seem to get the syntax down. If someone could send an example, that would be great!! If you feel that this is getting too far from SuSE, let me know, but if you have a suggestion, dont hesitate to email me privately! CK On Tue, 20 Jun 2000, Rocky McGaugh wrote:
On Mon, 19 Jun 2000, NOC - Kulish wrote:
I have recently switched to an apache / SuSE setup for my webserver and I am looking for some ideas on how to update it remotely.
I have my internal network protected with an LRP box so configuration on the router / firewall is very limited. I wish to do this as securely as possible. I do have the sshd setup on the router so I can SSH into that and then telnet to any internal boxes, one of which is the webserver (I didnt have room to install the ssh client on router).
I will be updating it from either Windows or other Linux boxes.
Anyone have any thoughts on the best way to address this?
Thanks!
CK
I'd use scp, the secured copy program that comes with ssh. you mention that you dont have ssh on your router, and this is not a problem. you can use IP port forwarding to make a direct ssh forward to your internal boxes. i usually setup the port forward on an obscure port, like 15432. then when i try to ssh to that port on the firewall, it gets forwarded to the internal box, but is transparent. "ssh -l rocky -p 15432 firewall.mycompany.com"
openssh, pine, aterm: these are the things i cant live without...:)
-- Rocky McGaugh rmcgaugh@atipa.com
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
"Rocky" == Rocky McGaugh <rmcgaugh@atipa.com> writes:
> On Mon, 19 Jun 2000, NOC - Kulish wrote: >> I have recently switched to an apache / SuSE setup for my >> webserver and I am looking for some ideas on how to update it >> remotely. >> > I'd use scp, the secured copy program that comes with ssh. you > mention that you dont have ssh on your router, and this is not a > problem. you can use IP port forwarding to make a direct ssh > forward to your internal boxes. i usually setup the port forward > on an obscure port, like 15432. then when i try to ssh to that > port on the firewall, it gets forwarded to the internal box, but > is transparent. "ssh -l rocky -p 15432 firewall.mycompany.com" IMHO, I think ssh+rsync is probably better in this situation then scp. Charles -- ===================================================== One Net to rule them all, One Net to find them, One Net to bring them all, and with Linux bind them. ===================================================== -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
participants (5)
-
bernie@innovative.iinet.net.au -
cpchan@myna.com -
dsoper@clipper.net -
noc@kulish.com -
rmcgaugh@atipa.com