From owner-freebsd-stable  Fri Jul 28  6:53: 4 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from privatecube.privatelabs.com (privatecube.privatelabs.com [198.143.31.30])
	by hub.freebsd.org (Postfix) with ESMTP id BAA8637BF24
	for <stable@freebsd.org>; Fri, 28 Jul 2000 06:53:00 -0700 (PDT)
	(envelope-from mi@virtual-estates.net)
Received: from misha.privatelabs.com (misha.privatelabs.com [198.143.31.6])
	by privatecube.privatelabs.com (8.9.3/8.9.2) with ESMTP id IAA01064;
	Fri, 28 Jul 2000 08:52:01 -0400
Received: from virtual-estates.net (localhost [127.0.0.1])
	by misha.privatelabs.com (8.9.3/8.9.3) with ESMTP id JAA99713;
	Fri, 28 Jul 2000 09:48:30 -0400 (EDT)
	(envelope-from mi@virtual-estates.net)
Message-Id: <200007281348.JAA99713@misha.privatelabs.com>
Date: Fri, 28 Jul 2000 09:48:26 -0400 (EDT)
From: mi@aldan.algebra.com
Subject: Re: rdist and pam 
To: David Malone <dwmalone@maths.tcd.ie>
Cc: stable@freebsd.org
In-Reply-To: <200007281055.aa78980@salmon.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: TEXT/plain; CHARSET=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 28 Jul, David Malone wrote:
= > So you want to do  ssh-style authentication, but not actually tunnel
= > the connection through  ssh -- is that what you  mean? You can force
= > ssh authentication if you tunnel  the connection through it, because
= > you can make the cvsupd server bind only to localhost.
=
= Basically what  we want  is something  like RsaRhosts  - if  you trust
= root@remote.machine you can  be sure about the username  of the person
= at the  far end. Ordinary users  have shell access to  both the server
= machine and the clients,  and we don't want users to  be able to cvsup
= the unreadable files so we need to know it's root@remote.machine we're
= talking to.

What you should,  probably, use is rdist6 over ssh  with ssh compression
disabled.  It is  the compression,  not  the encryption  that kills  the
throughput  on fast  networks. Having  the traffic  encrypted is  better
anyway for  the long  run, although  you can build  ssh with  the cypher
``none'' available and use it...

	-mi



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message