Date: Tue, 9 Dec 2008 21:09:30 +0100
From: Henrik Brix Andersen
To: freebsd-embedded@freebsd.org
Subject: Re: How to notify for maintenance
Message-ID: <20081209200929.GA42936@tirith.brixandersen.dk>

On Tue, Dec 09, 2008 at 07:11:29PM +0100, Markus Hitter wrote:
> The small problem now is, this box needs some moderately complex
> maintenance from time to time which I want to do from the outside
> (another computer). Storing root keys and software to use it on the
> same computer running lighttpd doesn't make me feel good.
>
> The question is: How would I securely notify another computer to do
> this (automatic) maintenance? Whatever I think of, this requires at
> least an ssh certificate and is pretty universal allowing it to be
> used to trigger harmful things as well.

Turn the scenario the other way around and have the trusted 'remote'
computer initiate the maintenance at given intervals?

Brix
-- 
Henrik Brix Andersen