[clug] scp alternative

[George Bray]

On Sat, Apr 11, 2009 at 3:19 PM, Daniel Pittman <daniel at rimspace.net> wrote:
> George Bray <georgebray at gmail.com> writes:

>> Does anyone know of an alternative solution where I get the
>> client/host authentication of ssh, but don't get the CPU overhead of
>> encrypting and compressing the payload?
>
> Um, why do you want the client and host authentication?  Is there really
> a security risk that someone will insert incorrect video into the target?

I need the clients to authenticate to the server to start the
procedure, but once it's running I don't care about MITM issues.

>> PS - I'm trying to avoid fileshares/mounts for robustity over long
>> times.
>
> Unless your hosts are changing IP address then NFSv3/TCP should be
> sufficiently robust for your needs — assuming that this is also WRT
> authentication and/or connection relability?

That was my first thought, but I've been warned against building 24/7
systems that rely on mounts staying up all the time. It's not that the
network is unreliable, the recommendation was more about detecting and
recovering from failures being more complex with mounts vs individual
copy sessions.

I didn't mention it in my original post, but I want the ability for an
admin server to issue commands for copying files between a number of
remote servers. That's where I started with scp.  rsync is a brilliant
package, but it can't do remote-remote copying.

So I think I'm heading for rcp instead, which can apparently
authenticate using kerberos.

Thanks for the discussion, and the off-list comments.    CLUG is a
powerful brains trust, even on a lazy easter weekend!

-- 
George Bray, The Australian National University, Canberra, Australia.