Rob Wilson wrote:
Recently I have seen many posts for using SCP to copy files to a remote
location. I was intending to invoke an upload servlet to do a similar job -
but the servlet would insert some data into a database.

Is it generally recommended to use SCP instead of invoking a servlet?  Any
pros/cons that I should be aware of?

Cheers,
Rob.


ssh/scp is the tool of choice for secure uploads

1. defends against man in the middle attacks, either to grab the passwords or to alter the files.
2. if you keep the keys on the client system, it's pretty easy to automate.
3. built in to all Linux systems
4. works really well with rsync and ssh

Weaknesses
-some theoretical work on grabbing passwords (not public/private key pairs) by using timing information
-too many people accept changed remote keys, when really they should question why their server's key has just changed
-lots of scanner programs are always trying to break in to port 22 with common logons/passwords.
-if an exploit is found, it will be very widely exploited.

If you use it, and want to lock it down
 -run it on a different port from normal
 -disable root access
 -set it to use public keys only.

If you wrote your own servlet for uploads you would probably be less secure, and have something you would need to test and maintain. If done over HTTPS, especially with client-side certificates, it would be pretty secure (encrypted traffic, no spoofing of either end). WebDAV is effectively this, so is Atom Publishing Protocol. Otherwise, just handle the POST and PUT requests yourself.

Now, some Ant targets to scare people w.r.t. ssh and scp, namely how to upload an RPM to a virtualized Linux image and test that it installs.

First, an upload creating a clean upload dir and pushing out some rpms:


  <target name="rpm-upload" depends="rpm-upload-init" >
    <rpmssh command="rm -rf ${rpm.full.ssh.dir}/" failonerror="false"/>
    <rpmssh command="mkdir -p ${rpm.full.ssh.dir}"/>
    <property name="rpm.ssh.path"
        value="[EMAIL PROTECTED]:${rpm.full.ssh.dir}" />
    <scp remoteToDir="${rpm.ssh.path}"
        passphrase="${rpm.ssh.passphrase}"
        keyfile="${rpm.ssh.keyfile}"
        trust="${rpm.ssh.trust}"
        verbose="${rpm.ssh.verbose}" >
      <fileset refid="rpm.upload.fileset"/>
    </scp>
  </target>


Then some target to install the RPMs:

  <target name="rpm-remote-install-all" depends="rpm-upload" >
    <rootssh command="cd ${rpm.full.ssh.dir};rpm --upgrade --force ${rpm.verbosity} *.rpm"
        outputProperty="rpm.result.all"/>
    <validate-rpm-result result="${rpm.result.all}" />
  </target>

Now, a set of ssh scripts to verify that common files and dirs are properly owned/existing:

  <target name="rpm-queries-test" depends="rpm-remote-install"
      description="check that files and directories belong to the RPMs">
    <expandingcopy file="${rpm.metadata.dir}/rpm-queries.txt"
      todir="${build.dir}"/>
    <rootssh
      failonerror="true"
      command="rpm -qf ${rpm.install.dir} ;
rpm -qf ${rpm.install.dir}/bin ;
rpm -qf ${rpm.install.dir}/lib ;
rpm -qf ${rpm.install.dir}/links ;
rpm -qf ${rpm.install.dir}/links/smartfrog.jar;
rpm -qf ${rpm.install.dir}/links/sfServices.jar;
rpm -qf ${rpm.install.dir}/bin/security ;
rpm -qf ${rpm.install.dir}/bin/metadata ;
rpm -qf ${rpm.log.dir} ;
rpm -qf ${rpm.etc.dir} ;
rpm -qf ${rpm.install.dir}/testCA ;
rpm -qf ${rpm.install.dir}/private ;
rpm -qf ${rpm.install.dir}/signedLib ;
rpm -qf /etc/profile.d/smartfrog.sh ;
rpm -qf /etc/profile.d/smartfrog.csh ;
rpm -qf ${rpm.install.dir}/docs ;
rpm -qf ${rpm.install.dir}/src ;
rpm -qf ${rpm.install.dir}/src.zip "
        outputProperty="rpm.queries.results"/>

    <echo>${rpm.queries.results}</echo>
    <fail>
      <condition>
        <or>
          <contains string="${rpm.queries.results}"
          substring="is not owned by any package"/>
          <contains string="${rpm.queries.results}"
          substring="No such file or directory"/>
        </or>
      </condition>
One of the directories/files in the RPM is not declared as being owned by any RPM. This file/directory will not be managed correctly, or have the correct permissions
      on a hardened linux
    </fail>


  </target>

We look for the error text because <sshexec> in Ant 1.7 doesn't handle errors from multiple commands correctly - we run through all the rpm -q operations and then validate the output.



--
Steve Loughran                  http://www.1060.org/blogxter/publish/5
Author: Ant in Action           http://antbook.org/
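
The three lock-down steps listed in the message above (non-default port, no root login, public keys only), as an added example that is not part of the original post: a Python check over sshd_config text. The keyword names are OpenSSH's; the function names and the sample configurations are constructed for illustration, and Match blocks are not evaluated.

```python
# Added example: audit sshd_config text against the lock-down list above.
# Values used when a keyword is absent (current OpenSSH defaults).
DEFAULTS = {"port": "22", "permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Older name that sshd still accepts for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global settings as sshd resolves them: first value per keyword wins."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # conditional blocks are out of scope for this check
        if key == "port":
            ports.append(parts[1].strip())  # Port may be given several times
        else:
            settings.setdefault(key, parts[1].strip().lower())
    merged = {**DEFAULTS, **settings}
    merged["port"] = ports or [DEFAULTS["port"]]
    return merged

def audit(config_text):
    """Return one finding per lock-down step the configuration misses."""
    s = effective_settings(config_text)
    findings = []
    if "22" in s["port"]:
        findings.append("listens on the default port 22")
    if s["permitrootlogin"] != "no":
        findings.append("root can log in: PermitRootLogin " + s["permitrootlogin"])
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if s[key] != "no":
            findings.append(key + " is on, so logins are not public-key only")
    if s["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is off")
    return findings

# Constructed sample configurations, not taken from any real host.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = ("Port 2222\nPermitRootLogin no\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")
print(audit(WEAK), audit(HARDENED))
```

An empty list means the global section meets all three steps; settings inside Match blocks need a separate review.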
