** Reply to message from Dan Horth <[EMAIL PROTECTED]> on Fri, 19 Apr 2002 07:15:55 +1000
> Hi - I've been going through the faq at >http://www.tolisgroup.com/gen-faq3.html#remote to see how to setup use of a remote >tape drive for backups, and noted on other pages related to setting up rsh / rlogin >that it's a potential security risk, and that I should look into ssh instead. > > quick and dirty net diag: > > Internet > | > | > | > Machine 1 > (Firewall / Gateway) > | > | > | > Machine 2 ------------------------Machine 3 > (Proxy / Internet Services (File Server) > / Firewall) > > > I was wondering: > > 1) is this really going to be a security risk - the client computer (Machine 3) is >on a network separated from the internet by two firewalls, with no real internet >access. I trust my users and they don't have shell access to any servers at any rate. >The only threat I perceive is from the internet. The server would be the proxy server >(Machine 2) and I'd imagine an intruder would have to hack through the firewall, then >break into the second firewall / proxy server / rsh server to to anything >interesting. I'd be blocking any rsh type action between the two firewalls, and >limiting rsh action to only occur between the proxy and file servers > > 2) can ssh be used to replace rsh in driving remote tape drives like this > > 3) has anyone had any experience / can share any configuration files to help me with >my setup. > > I'm sure there was another question - but it's too late at night (early in the >morning) and I can't think right now! Hoping to set this up tomorrow so any ideas >would be appreciated. Dan - If you ssh to the firewall, and then ssh from the firewall to an internal box, then everything is travelling along an encrypted path. jb -- Jack Bowling mailto: [EMAIL PROTECTED] _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list