Date: Mon, 20 Apr 2009 15:04:21 +0200 From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net> To: freebsd-questions@freebsd.org Cc: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>, cpghost <cpghost@cordula.ws> Subject: Re: Dump | Restore Message-ID: <200904201504.22035.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> In-Reply-To: <20090420125955.GA1750@phenom.cordula.ws> References: <E8298C3B2FC1CC43B3FBAC70544780A602D45118@EXCH-01.mbint.multibanka.com> <alpine.BSF.2.00.0904201245270.14978@wojtek.tensor.gdynia.pl> <20090420125955.GA1750@phenom.cordula.ws>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 20 April 2009 14:59:55 cpghost wrote: > On Mon, Apr 20, 2009 at 12:46:05PM +0200, Wojciech Puchar wrote: > > use rsh not ssh unless you really need encryption. > > Sure, you *could* do that, but be sure to encrypt *and* sign the > backup stream beforehand, e.g. using openssl or gnupg... And even > then, anyone sniffing that poorly encrypted (at layer 2) wireless LAN > connection could still hijack the password, log into the backup host, > and delete or corrupt the (encrypted) dump files. > > Perhaps it's better to use ssh anyway, even for encrypted and signed > dump files. Creating and transfering a couple of key files to the > clients and backup host and using ssh(1) is not hard. Really not. ;-) But doesn't use full network capacity. Closed circuit LAN's (yes, they still do exist) don't need ssh, but a level 0 dump of several TB of data does need full lan speed. -- Mel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904201504.22035.mel.flynn%2Bfbsd.questions>