Date:      Fri, 9 Apr 1999 10:26:24 +1000 (EST)
From:      Bruce Campbell <bc@thehub.com.au>
To:        Mark Newton <newton@atdot.dotat.org>
Cc:        Grant Beckerleg <grant@vbc.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: ssh and scp
Message-ID:  <Pine.BSF.3.96.990409100127.23278B-100000@zerlargal.humbug.org.au>
In-Reply-To: <199904080936.TAA11475@atdot.dotat.org>

On Thu, 8 Apr 1999, Mark Newton wrote:

> Grant Beckerleg wrote:
> 
>  > I am very new to FreeBSD and I have been asked
>  > to investigate some security issues. I am not sure if this is FreeBSD
>  > specific or a general OS question so please bear with me.
>  > I use ssh to securely login to remote machines and I am looking into
>  > secure transfer of DNS database records between nameservers.
> 
> Maybe I'm missing something, but isn't that what zone transfers
> are for?

Yes and no.  Sure, if you've got a clear path between the two machines,
zone transfers, using BIND 8* features to tell the other nominated
nameservers when a change of a zone occurs, it works.

If you operate a vaguely more secure network, or you are just paranoid
about equipment failures, your master zone files are maintained behind a
firewall, and then ssh (rsync specifically)'d out to your external
nameserver.

Works for me, although I'll admit to being a bit shy of null-password RSA
keys, which can be alleviated somewhat by restricting which hosts can use
which keys.

--==--
Bruce.

host -t txt rcs.203.in-addr.arpa
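
The per-key host restriction mentioned in the message above can be checked mechanically. The following is an added example, not part of the original e-mail: it assumes the OpenSSH `authorized_keys` format, where a key line may begin with options such as `from="pattern-list"`, and reports keys that any host could use. The sample lines, host names and the `/usr/local/sbin/zone-receive` script are constructed for illustration.

```python
import re

# A double-quoted option value, which may contain spaces, commas and \" escapes.
QUOTED = r'"(?:\\.|[^"\\])*"'
FIELD = re.compile(rf'(?:[^\s"]|{QUOTED})+')    # whitespace-separated fields
OPTION = re.compile(rf'(?:[^,"]|{QUOTED})+')    # comma-separated options
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)\S+$")

# Constructed sample: placeholder key material, example hosts, and a
# hypothetical forced-command script.
SAMPLE = '''\
from="192.0.2.10,ns-master.example.org",command="/usr/local/sbin/zone-receive --verify",no-pty ssh-rsa AAAAB3PLACEHOLDER1 zone-push
ssh-rsa AAAAB3PLACEHOLDER2 unrestricted-key
from="*",no-port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER3 wildcard-key
'''

def audit(text):
    """Map each key's comment to a finding when from= is absent or open."""
    findings = {}
    for n, line in enumerate(text.splitlines(), 1):
        fields = FIELD.findall(line.strip())
        if not fields or fields[0].startswith("#"):
            continue
        opts = {}
        if not KEY_TYPE.match(fields[0]):        # line starts with options
            for opt in OPTION.findall(fields.pop(0)):
                name, _, value = opt.partition("=")
                opts[name.lower()] = value.strip('"')
        label = fields[2] if len(fields) > 2 else f"line {n}"
        hosts = opts.get("from")
        if hosts is None:
            findings[label] = "no from= restriction"
        elif "*" in hosts.split(","):
            findings[label] = "from= matches any host"
    return findings

if __name__ == "__main__":
    for label, problem in audit(SAMPLE).items():
        print(f"{label}: {problem}")
```

Whether a key has an empty passphrase is a property of the private key on the client, so a server-side audit like this checks every key rather than only the passphrase-less ones.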