[clug] scp alternative

Daniel Pittman daniel at rimspace.net
Sat Apr 11 07:36:41 GMT 2009


George Bray <georgebray at gmail.com> writes:
> On Sat, Apr 11, 2009 at 3:19 PM, Daniel Pittman <daniel at rimspace.net> wrote:
>> George Bray <georgebray at gmail.com> writes:
>
>>> Does anyone know of an alternative solution where I get the
>>> client/host authentication of ssh, but don't get the CPU overhead of
>>> encrypting and compressing the payload?
>>
>> Um, why do you want the client and host authentication?  Is there
>> really a security risk that someone will insert incorrect video into
>> the target?
>
> I need the clients to authenticate to the server to start the
> procedure, but once it's running I don't care about MITM issues.

Hmmmm.  How secure does that authentication need to be?  I am having
trouble envisioning the risk you are protecting yourself against.

Obviously you don't need to explain that, as long as you are willing to
forgive the possibility that my advice is off-target for the needs I
don't fully understand. :)

>>> PS - I'm trying to avoid fileshares/mounts for robustity over long
>>> times.
>>
>> Unless your hosts are changing IP address then NFSv3/TCP should be
>> sufficiently robust for your needs — assuming that this is also WRT
>> authentication and/or connection reliability?
>
> That was my first thought, but I've been warned against building 24/7
> systems that rely on mounts staying up all the time.

Well, I suspect those warnings came from people who are from the modern
school of Linux experience, not the more traditional Unix school.

I have worked with critical systems, running banking and stock exchange
trading, that are absolutely, totally dependent on NFS mounts for their
operation.

> It's not that the network is unreliable, the recommendation was more
> about detecting and recovering from failures being more complex with
> mounts vs individual copy sessions.

This depends a bit: NFS is generally very self-healing, and the basic
copy operation is relatively trivial using either approach: if it
doesn't fully report success then repeat.

*shrug*


> I didn't mention it in my original post, but I want the ability for an
> admin server to issue commands for copying files between a number of
> remote servers. That's where I started with scp.  rsync is a brilliant
> package, but it can't do remote-remote copying.

Well, not directly controlled from the third machine; you would need to
initiate it on one of the remote systems.

> So I think I'm heading for rcp instead, which can apparently
> authenticate using kerberos.

Assuming you already have Kerberos in place, yes.  Otherwise you now
have two problems. ;)

Um, and FWIW, Kerberos is more complex than NFS and has (in general)
higher demands on system coherence to operate.  So, recovery if that
goes wrong is likely to be harder than if NFS goes wrong...

> Thanks for the discussion, and the off-list comments.  CLUG is a
> powerful brains trust, even on a lazy Easter weekend!

Good luck addressing your needs.


Um, it occurs to me after writing all this that you are asking about
technical problems with a specific solution, while you have not
described your actual goal.

It sounds like your goal is to shuffle video data around between
machines and do ... something with it.  There might, perhaps, be a
better solution ahead of inventing your own...

Regards,
        Daniel

