Date: Mon, 20 Apr 2009 14:59:55 +0200 From: cpghost <cpghost@cordula.ws> To: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> Cc: questions@freebsd.org Subject: Re: Dump | Restore Message-ID: <20090420125955.GA1750@phenom.cordula.ws> In-Reply-To: <alpine.BSF.2.00.0904201245270.14978@wojtek.tensor.gdynia.pl> References: <E8298C3B2FC1CC43B3FBAC70544780A602D45118@EXCH-01.mbint.multibanka.com> <alpine.BSF.2.00.0904201245270.14978@wojtek.tensor.gdynia.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 20, 2009 at 12:46:05PM +0200, Wojciech Puchar wrote: > use rsh not ssh unless you really need encryption. Sure, you *could* do that, but be sure to encrypt *and* sign the backup stream beforehand, e.g. using openssl or gnupg... And even then, anyone sniffing that poorly encrypted (at layer 2) wireless LAN connection could still hijack the password, log into the backup host, and delete or corrupt the (encrypted) dump files. Perhaps it's better to use ssh anyway, even for encrypted and signed dump files. Creating and transfering a couple of key files to the clients and backup host and using ssh(1) is not hard. Really not. ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090420125955.GA1750>