Date: Fri, 28 Jul 2000 09:48:26 -0400 (EDT) From: mi@aldan.algebra.com To: David Malone <dwmalone@maths.tcd.ie> Cc: stable@freebsd.org Subject: Re: rdist and pam Message-ID: <200007281348.JAA99713@misha.privatelabs.com> In-Reply-To: <200007281055.aa78980@salmon.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
On 28 Jul, David Malone wrote: = > So you want to do ssh-style authentication, but not actually tunnel = > the connection through ssh -- is that what you mean? You can force = > ssh authentication if you tunnel the connection through it, because = > you can make the cvsupd server bind only to localhost. = = Basically what we want is something like RsaRhosts - if you trust = root@remote.machine you can be sure about the username of the person = at the far end. Ordinary users have shell access to both the server = machine and the clients, and we don't want users to be able to cvsup = the unreadable files so we need to know it's root@remote.machine we're = talking to. What you should, probably, use is rdist6 over ssh with ssh compression disabled. It is the compression, not the encryption that kills the throughput on fast networks. Having the traffic encrypted is better anyway for the long run, although you can build ssh with the cypher ``none'' available and use it... -mi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007281348.JAA99713>