Re: Making a secure log server?

[Aaron Turner <aturner linuxkb org>]

On Mon, 18 Oct 1999, Michael Jinks wrote:

> The U of C is a company, but we use ssh all the time (not sure what the
> licensing issues would be with ssl).  How would I get ssh to come up
> automatically at boot, open a connection to the logger, and then accept
> lines from some pipe?

You have a few ways of doing this depending on your security concerns.
First, let me say that the SSL solution will be more secure because it
doesn't require a valid shell like ssh does (there are ways to get around
that, but they're less than optimal in my experiance).

Anyways, in the ssh manpage, look for "RSA keys".  Basically you want to
create a limited rights user on your web server and log server.  Generate
the RSA keys and put the "private key" on the log server and the "public
key" on the web servers.  When you generate the RSA keys, DON'T TYPE A
PASSWORD.  WARNING: THIS IS BAD/INSECURE/EVIL.  Then setup a RC script to
start up the ssh tunnel at runlevel 2.

--
Aaron Turner, Core Developer       http://vodka.linuxkb.org/~aturner/
Linux Knowledge Base Organization  http://linuxkb.org/
Because world domination requires quality open documentation.