SCP speed question
Bill Campbell
linux-sxs
Sat Jan 6 00:08:04 PST 2007
On Sat, Jan 06, 2007, Matthew Carpenter wrote:
>On Thursday 04 January 2007 17:03, Bill Campbell wrote:
>> For many functions such as doing djbdns zone transfers where one
>> wants to restrict the copies by IP address, but doesn't need to worry
>> about intermediates seeing the data, or dealing with setting up ssh key
>> security, using rsync modules provides adequate security without the
>> hassle. One can easily specify the directory a remote host can access, and
>> allow only that IP access to the directory.
>
>Not necessarily. You may not have been burned yet, but you leave yourself
>open to simple but effective tampering. What damage can one do by tampering
>with DNS zones? hmmmm.... They've done quite a bit of damage just
>poisoning the DNS cache, but the change the address of the slaves....
>
>With as simple as SSH keys are to set up, you would be hard-pressed to make a
>case against doing so.
>
>Rsync, however, is without question one of the best methods to do so. "-e
>ssh" :) I also like the bandwidth limiting functionality.

I often use rsync in its daemon mode without ssh for cases where
the security of the data isn't critical. I would rather do that,
particularly for things that run from cron, than deal with the
issues of ssh keys without proper pass phrases.

>Doesn't djbdns provide actual DNS zone transfers with IP and/or key-based
>restrictions?

It does, but it's far easier to basically ``cat'' a bunch of zone
files together, and rsync the combined files to secondaries.

Bill
--
INTERNET: bill at Celestial.COM Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
``The best we can hope for concerning the people at large is that they be
properly armed.''
-- Alexander Hamilton, The Federalist Papers at 184-188
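
Added example, not part of the original message or of rsync itself: a small auditor that parses an rsyncd.conf and reports, per module, which of the restrictions discussed in this thread (a fixed directory, an allowed client IP) are missing. The sample config, its paths and its address are constructed for illustration, and backslash line continuations are assumed not to be used.

```python
# Audit rsyncd.conf modules for the restrictions discussed in the thread.
# Assumption: no backslash line continuations in the config being checked.

# Constructed sample. 'zones' mirrors the thread's setup (one directory, one
# allowed client IP); 'scratch' is deliberately loose. The IP is an RFC 5737
# documentation address and the paths are hypothetical.
SAMPLE_CONF = """\
use chroot = yes

[zones]
    path = /var/dns/export
    hosts allow = 192.0.2.10
    read only = yes

[scratch]
    path = /srv/scratch
    read only = no
"""

FALSE_VALUES = {"no", "false", "0"}  # boolean spellings rsyncd.conf accepts

def parse_rsyncd_conf(text):
    """Return {module: {param: value}}; global settings become module defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), dict(defaults))
            continue
        name, sep, value = line.partition("=")
        if sep:
            key = " ".join(name.lower().split())  # normalise case and spacing
            (defaults if current is None else current)[key] = value.strip()
    return modules

def audit(modules):
    """Map each module to a list of finding codes (empty list: nothing flagged)."""
    report = {}
    for name, params in modules.items():
        findings = []
        if not params.get("hosts allow"):
            findings.append("any-host")       # no source-IP restriction at all
        if params.get("read only", "yes").lower() in FALSE_VALUES:
            findings.append("writable")       # clients may upload into 'path'
        if not params.get("auth users"):
            findings.append("no-auth-users")  # source IP is the only gate
        report[name] = findings
    return report
```

None of these settings encrypts or integrity-protects the transfer; daemon-mode traffic crosses the network in the clear, which is what running rsync with `-e ssh` changes.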