[rescue] SGI fw_sshd and security
Dave McGuire
mcguire at neurotica.com
Sun Mar 7 23:37:28 CST 2004
On Mar 8, 2004, at 12:35 AM, Patrick Finnegan wrote:
>>>> At Digex, we had a really great scheme going. We did rdist
>>>> verify passes every night, from our proto machines which were as
>>>> locked-down as we could make them. Now, if you're familiar with
>>>> rdist, you know that in verify mode it sends each file down and
>>>> then does a byte-for-byte compare. That'd be a tremendously
>>>> expensive operation to perform on, say, six hundred SPARCstations.
>>>> We made a nice little mod to rdist in which the MD5 checksum is
>>>> sent down to the target machine and verified. I think that may
>>>> have actually made it into the main rdist source tree but I'm not
>>>> sure. It was *cool*.
>>>
>>> Err, can't you already do that with rsync? Without modifications?
>>
>> You couldn't in 1994, which is when we did that at Digex. :-)
>
> Ahh, that makes a bit more sense. You didn't say when before and I
> mistakenly thought "recently." :)
Oh ok, sorry for not being more specific. :)
We also had it authenticating with Kerberos4.
-Dave
--
Dave McGuire "My tummy hurts now, but my soul
Cape Coral, FL feels a little better." -Ed
More information about the rescue
mailing list