Firewall Wizards mailing list archives
Re: Here is my plan for firewall implementation
From: Bennett Todd <bet () rahul net>
Date: Mon, 22 Sep 1997 06:04:45 -0700
On Sun, Sep 21, 1997 at 07:16:26PM +0300, Jyri Kaljundi wrote:
[...] For all the project we have done lately we have used SSH and it's scp program, it is not very intuitive to use and the command line version does not look very easy to use, but for batch uploads you can make some scripts that wrap over scp to make it easier.
I've found it quite easy and pleasant to use for this purpose as well. I use plug-gw to get it through the firewall (from the inside); I configure /etc/sshd_config so only RSA authentication will be accepted; I debug the link using "ssh -v"; then I tweak the ~user/authorized_keys file so it can only run rsync. I let one user manage the content with a helper script that (a) validates the content with weblint, and if it passes (b) checks it into CVS, and finally (c) sends email to a second user --- typically someone with management authorization to approve press releases and the like. _That_ person then runs a script of their own, which (a) checks out a copy of the proposed new content into their home directory, (b) previews it with their web viewer of choice, and (c) if they like it, updates the real public site with rsync-over-ssh. This might not be perfect, but it seems to work pretty well. -Bennett
Current thread:
- Here is my plan for firewall implementation Jim Raykowski (Sep 21)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- Re: Here is my plan for firewall implementation Jyri Kaljundi (Sep 21)
- Re: Here is my plan for firewall implementation Bennett Todd (Sep 22)
- Re: Here is my plan for firewall implementation Jyri Kaljundi (Sep 21)
- Re: Here is my plan for firewall implementation Craig Brozefsky (Sep 21)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- Re: Here is my plan for firewall implementation Craig Brozefsky (Sep 22)
- NCSA's RECON Service Adept (Sep 22)
- Re: Here is my plan for firewall implementation Joseph S. D. Yao (Sep 22)
- Re: Here is my plan for firewall implementation Adam Shostack (Sep 22)
- Re: Here is my plan for firewall implementation Paul D. Robertson (Sep 23)
- Re: Here is my plan for firewall implementation Alfred Huger (Sep 24)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- <Possible follow-ups>
- Re: Here is my plan for firewall implementation See, Matthew (Sep 22)
- Re: Here is my plan for firewall implementation Peter Jeremy (Sep 22)