Re: [loganalysis] Logging standards and such

From: Jeff King (peff-loganalat_private)
Date: Thu Aug 16 2001 - 12:05:27 PDT

  • Next message: Matt Bing: "Re: [loganalysis] Central Syslog Server, Actual Best Choice ?"

    On Wed, 15 Aug 2001, Brian Hatch wrote:
    
    > Wait, are you saying that you'd rather have your machines
    > able to log into each other to set up an SSH tunnel rather
    > than writing a protocol that uses SSL?  SSL != HTTPS.  Either
    Yes. Your SSL listener will need to allow connections, check pub/priv key
    authentication, possibly change UID/GID based on which key, and then send
    data to some command (or handle it internally). This is *exactly* what SSH
    does, and it is already written and well-tested code.  Note that SSH is *NOT*
    required to run a shell (or even allocate a pty).
    
    > Now none of this requires that either machine can SSH to the other.
    I don't see the problem with allowing a machine to ssh to another machine. I
    *do* see a problem with allowing machines to automatically get shells on
    other boxes, and that is what should be stopped.
    
    -Peff
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 12:30:45 PDT