From owner-freebsd-security  Tue Dec 11  5:24:45 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mout1.freenet.de (mout1.freenet.de [194.97.50.132])
	by hub.freebsd.org (Postfix) with ESMTP id EE2CD37B445
	for <freebsd-security@freebsd.org>; Tue, 11 Dec 2001 05:24:29 -0800 (PST)
Received: from [194.97.50.135] (helo=mx2.freenet.de)
	by mout1.freenet.de with esmtp (Exim 3.33 #3)
	id 16DmtY-0005MO-00; Tue, 11 Dec 2001 14:24:28 +0100
Received: from a354f.pppool.de ([213.6.53.79] helo=Magelan.Leidinger.net)
	by mx2.freenet.de with esmtp (Exim 3.33 #3)
	id 16DmtP-0002Sc-00; Tue, 11 Dec 2001 14:24:27 +0100
Received: from Leidinger.net (netchild@localhost [127.0.0.1])
	by Magelan.Leidinger.net (8.11.6/8.11.6) with ESMTP id fBBBOI902371;
	Tue, 11 Dec 2001 12:24:19 +0100 (CET)
	(envelope-from netchild@Leidinger.net)
Message-Id: <200112111124.fBBBOI902371@Magelan.Leidinger.net>
Date: Tue, 11 Dec 2001 12:24:16 +0100 (CET)
From: Alexander Leidinger <Alexander@Leidinger.net>
Subject: Re: Rsync, ssh and using root.
To: randys@amigo.net
Cc: marc@milestonerdl.com, freebsd-security@FreeBSD.ORG
In-Reply-To: <200112102348.fBANmG182366@smtp1.amigo.net>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=iso-8859-1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 10 Dez, Randy Smith wrote:

[NFS+IPSec+rsync]

> This avoids the problems with SSH and root access but may lead to other 
> problems that I am not aware of. One good thing about this is that restoring 
> to the other machine is reasonably easy. Remount boxa:/nfs/dir as read-write 
> and then reverse the paths in the rsync command above.
> 
> Others may be able to point out any problems/improvments that exist with this 
> plan.

-> A lot of network traffic and a slower update if you didn't use
   --size-only (which may only a good idea in specific situations).
   The file on the remote box may need to go completely over the network
   in the worst case (if a checksum has to be calculated for the whole
   file, don't know how often this can happen).

Bye,
Alexander.

-- 
   If Bill Gates had a dime for every time a Windows box crashed...
                ...Oh, wait a minute, he already does.

http://www.Leidinger.net                       Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message