On Fri, Dec 20, 2002 at 06:03:19PM +0000, Liam Bedford wrote:
> > How are you checking the disk space on remote machines ? The only
> > nice way I could think of doing it was creating an unencrypted ssh key
> > which limited what could be run to one script, e.g:
> >
> > no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="~/bin/stats"
> > <rest of ssh public key>
> >
> are you worried about security?
of course :)
> why not just stick a script on a port
> with inetd which gives back the stats you want (and then firewall that
> port off).
As it is, we don't manage access-control/firewall rules/tcp-wrappers
on a per host level, and keeping the ACL on the gateway as trim as
possible is highly desirable (it sees GigE line rate sometimes!), plus
it's also an extra service (and we don't even run inetd on the boxes
in question :)
Though a script-from-inetd solution does have the advantage that it
could be more easily packaged ... hmmmmm, *goes off to think about it
some more*
--
colmmacc at redbrick.dcu.ie PubKey: colmmacc+pgp at redbrick.dcu.ie
Web: http://devnull.redbrick.dcu.ie/
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
