From: Markus Hitter
To: freebsd-embedded@freebsd.org
Date: Tue, 9 Dec 2008 19:11:29 +0100
Subject: How to notify for maintenance
List-Id: Dedicated and Embedded Systems

Hello all,

my TinyBSD box is running fine and for security reasons, I've removed (almost) everything executable. One of the few remaining ones is lighttpd, to make a web server.

The small problem now is, this box needs some moderately complex maintenance from time to time which I want to do from the outside (another computer). Storing root keys and software to use it on the same computer running lighttpd doesn't make me feel good.

The question is: How would I securely notify another computer to do this (automatic) maintenance? Whatever I think of, this requires at least an ssh certificate and is pretty universal, allowing it to be used to trigger harmful things as well.

Any insight into best practices is welcome.

Thanks,
Markus Hitter

- - - - - - - - - - - - - - - - - - -
Dipl. Ing. Markus Hitter
http://www.jump-ing.de/