Firewall Wizards mailing list archives

Re: Here is my plan for firewall implementation


From: Bennett Todd <bet () rahul net>
Date: Mon, 22 Sep 1997 06:04:45 -0700

On Sun, Sep 21, 1997 at 07:16:26PM +0300, Jyri Kaljundi wrote:
> [...] For all the projects we have done lately we have used SSH and its scp
> program, it is not very intuitive to use and the command line version does
> not look very easy to use, but for batch uploads you can make some scripts
> that wrap over scp to make it easier.

I've found it quite easy and pleasant to use for this purpose as well. I
use plug-gw to get it through the firewall (from the inside); I configure
/etc/sshd_config so only RSA authentication will be accepted; I debug the link
using "ssh -v"; then I tweak the ~user/authorized_keys file so it can only
run rsync.

I let one user manage the content with a helper script that (a) validates the
content with weblint, and if it passes (b) checks it into CVS, and finally
(c) sends email to a second user --- typically someone with management
authorization to approve press releases and the like. _That_ person then runs
a script of their own, which (a) checks out a copy of the proposed new content
into their home directory, (b) previews it with their web viewer of choice,
and (c) if they like it, updates the real public site with rsync-over-ssh.

This might not be perfect, but it seems to work pretty well.

-Bennett
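
Added example, not part of the original message: one way to pin a key in authorized_keys to rsync is a forced command that inspects SSH_ORIGINAL_COMMAND before running it. The script path, the --gate argument, the destination directory and the upload-only policy are assumptions, and the authorized_keys options shown are OpenSSH syntax.

```shell
#!/bin/sh
# Added example: forced-command gate for a key that may only run rsync uploads.
# Hypothetical install path and authorized_keys entry (OpenSSH syntax, key elided):
#   command="/usr/local/bin/rsync-gate --gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <public-key> approver
LC_ALL=C; export LC_ALL            # make the A-Z/a-z ranges below byte ranges
ALLOWED_DEST="/var/www/site/"      # assumed document root; adjust to the real one

# Return 0 only for "rsync --server <options> . $ALLOWED_DEST".
check_rsync_command() {
    cmd=$1
    # Whitelist characters: no quotes, globs, separators, substitutions, newlines.
    case $cmd in
        *[!A-Za-z0-9\ ./_=,-]*) return 1 ;;
    esac
    # Shape rsync gives the remote side of an upload, ending in the one allowed path.
    case $cmd in
        "rsync --server -"*" . $ALLOWED_DEST") ;;
        *) return 1 ;;
    esac
    # Everything between "--server" and ". DEST" must be an option, not a path.
    middle=${cmd#"rsync --server "}
    middle=${middle%" . $ALLOWED_DEST"}
    for word in $middle; do
        case $word in
            --sender) return 1 ;;   # would make the server send files back (a read)
            -*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Entry point when sshd runs this script as the key's forced command.
if [ "${1:-}" = "--gate" ]; then
    if check_rsync_command "${SSH_ORIGINAL_COMMAND:-}"; then
        # Word splitting is safe here: the whitelist excludes glob and quote characters.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rsync-gate: refused: ${SSH_ORIGINAL_COMMAND:-<no command>}" >&2
    exit 1
fi
```

A login with no command, or any command that is not an rsync upload into the one allowed directory, exits with status 1 and never reaches a shell.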


