Re: Here is my plan for firewall implementation
Bennett Todd (bet
rahul.net)
Mon, 22 Sep 1997 06:04:45 -0700
- In reply to: Marcus J. Ranum: "Re: Here is my plan for firewall implementation"
- Next in thread: Craig Brozefsky: "Re: Here is my plan for firewall implementation"
On Sun, Sep 21, 1997 at 07:16:26PM +0300, Jyri Kaljundi wrote:
> [...] For all the projects we have done lately we have used SSH and its scp
> program, it is not very intuitive to use and the command line version does
> not look very easy to use, but for batch uploads you can make some scripts
> that wrap over scp to make it easier.

I've found it quite easy and pleasant to use for this purpose as well. I
use plug-gw to get it through the firewall (from the inside); I configure
/etc/sshd_config so only RSA authentication will be accepted; I debug the link
using "ssh -v"; then I tweak the ~user/authorized_keys file so it can only
run rsync.

I let one user manage the content with a helper script that (a) validates the
content with weblint, and if it passes (b) checks it into CVS, and finally
(c) sends email to a second user --- typically someone with management
authorization to approve press releases and the like. _That_ person then runs
a script of their own, which (a) checks out a copy of the proposed new content
into their home directory, (b) previews it with their web viewer of choice,
and (c) if they like it, updates the real public site with rsync-over-ssh.

This might not be perfect, but it seems to work pretty well.
-Bennett
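
An added example, not part of the original post: one way to restrict an authorized_keys entry so that it can only run rsync, as the message describes, using an OpenSSH forced command. The wrapper path, the document root /var/www/site and the key placeholder are assumptions; the check relies on sshd's `command=` option and the `SSH_ORIGINAL_COMMAND` variable.

```shell
#!/bin/sh
# Added example: forced-command wrapper that limits one SSH key to rsync uploads.
# Assumed authorized_keys entry (path and key are placeholders):
#   command="/usr/local/bin/rsync-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> publisher
ALLOWED_DIR="/var/www/site"   # assumption: the public document root

# rsync_allowed CMD: succeed only for an rsync server-side *receive* into ALLOWED_DIR.
rsync_allowed() {
    set -f                    # keep globbing off while CMD is split into words
    n=0
    last=
    for w in $1; do
        n=$((n + 1))
        last=$w
        case $w in
            *[!A-Za-z0-9./_=,-]*) return 1 ;;  # quotes, ';', '|', '$', backticks, globs
            --sender)             return 1 ;;  # this key may push content, never read it
            *..*)                 return 1 ;;  # no climbing out of the tree
        esac
        [ "$n" -eq 1 ] && [ "$w" != rsync ] && return 1
        [ "$n" -eq 2 ] && [ "$w" != --server ] && return 1
    done
    [ "$n" -ge 4 ] || return 1
    case $last in
        "$ALLOWED_DIR" | "$ALLOWED_DIR"/*) return 0 ;;
    esac
    return 1
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run. With no command
# (an interactive login attempt) the script simply ends, so no shell is granted.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_allowed "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND   # unquoted on purpose: validated words, globbing off
    fi
    logger -t rsync-only -p auth.warning "refused: $SSH_ORIGINAL_COMMAND"
    echo "rsync-only: command refused" >&2
    exit 1
fi
```

Refusals land in the auth log under the `rsync-only` tag, which gives a simple signal that the publishing key is being used for something other than uploads.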
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT