Date: Thu, 25 Mar 1999 11:10:02 +0000 (GMT)
From: 0x1c <nick@shibumi.feralmonkey.org>
To: Mike Thompson <miket@dnai.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Kerberos vs SSH
Message-ID: <Pine.BSF.4.05.9903251100270.284-100000@shibumi.feralmonkey.org>
In-Reply-To: <4.1.19990324113601.0097aeb0@mail.dnai.com>

You might also be interested in implementing some sort of a VPN between
the servers. Have a look at www.kame.net for a free *BSD IPsec
implementation.

Cheers,

Nick

--
Therefore those skilled at the unorthodox are as infinite as heaven and
earth, inexhaustible as the great rivers.
                -- Sun Tzu, The Art of War

On Wed, 24 Mar 1999, Mike Thompson wrote:

> We are configuring a series of web servers running FreeBSD 2.2.8
> for a new Internet service. To implement our service we need
> to provide a mechanism for secure communication between the
> servers using an rsh-like facility.
>
> One method of doing this would be to run SSH on each server for
> encrypted/authenticated communication. However, the downsides
> of this are that there wouldn't be a central administration
> facility for managing authentication information (unless we
> create one), ssh has a relatively high CPU overhead to encrypt
> all communications and we would like to avoid paying the substantial
> license fees for SSH across a large number of servers.
>
> An alternative would be to run a rsh in combination with a
> Kerberos server to centrally administer authentication
> information between each server. Communication between the
> servers would take place behind a router to prevent
> interception of the unencoded packets. We would also use
> IPFW to restrict communication with rsh as further protection
> against hacking.
>
> Does anyone here have an opinion as to whether rsh and Kerberos
> can be used in this manner for efficient and secure communication
> between web servers running a distributed application?
>
> Ideally, we want to keep the cost per server as low as possible
> with regards to licensing fees, but we also don't want to compromise
> on security.
>
> Thanks,
>
> Mike Thompson