From owner-freebsd-questions@FreeBSD.ORG Mon Apr 20 12:59:58 2009 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CBC301065672 for ; Mon, 20 Apr 2009 12:59:58 +0000 (UTC) (envelope-from cpghost@cordula.ws) Received: from fw.farid-hajji.net (fw.farid-hajji.net [213.146.115.42]) by mx1.freebsd.org (Postfix) with ESMTP id 5885E8FC1E for ; Mon, 20 Apr 2009 12:59:58 +0000 (UTC) (envelope-from cpghost@cordula.ws) Received: from phenom.cordula.ws (phenom [192.168.254.60]) by fw.farid-hajji.net (Postfix) with ESMTP id C2CAA34627; Mon, 20 Apr 2009 14:59:55 +0200 (CEST) Date: Mon, 20 Apr 2009 14:59:55 +0200 From: cpghost To: Wojciech Puchar Message-ID: <20090420125955.GA1750@phenom.cordula.ws> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.19 (2009-01-05) Cc: questions@freebsd.org Subject: Re: Dump | Restore X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Apr 2009 13:00:00 -0000 On Mon, Apr 20, 2009 at 12:46:05PM +0200, Wojciech Puchar wrote: > use rsh not ssh unless you really need encryption. Sure, you *could* do that, but be sure to encrypt *and* sign the backup stream beforehand, e.g. using openssl or gnupg... And even then, anyone sniffing that poorly encrypted (at layer 2) wireless LAN connection could still hijack the password, log into the backup host, and delete or corrupt the (encrypted) dump files. Perhaps it's better to use ssh anyway, even for encrypted and signed dump files. Creating and transfering a couple of key files to the clients and backup host and using ssh(1) is not hard. Really not. ;-) -cpghost. -- Cordula's Web. http://www.cordula.ws/