Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: edform on December 29, 2005, 06:12:20 PM
-
One of the requirements for automatic synchronization of two SME servers via the internet is opening port 22 through the router to allow SSH to talk. Is this a high risk situation?
Any comments?
Ed Form
-
ed,
...use SSH2 with a 2048-bit RSA private/public key pair with a strong pass phrase
...safe as it gets.
Read the AdminFAQ, or search here for "ssh 2.0", rsa public private keys.
wellsi.com should still have a tutorial available.
regards
Reinhold
-
> ...use SSH2 with a 2048-bit RSA private/public key pair with a strong pass phrase ...safe as it gets.
> Read the AdminFAQ, or search here for "ssh 2.0", rsa public private keys.
> wellsi.com should still have a tutorial available.
Thanks for the tip, I'll look into it.
Ed Form
-
> automatic synchronization of two SME servers via the internet
?!!?
AFAIK, sme doesn't replicate
-
Happy new Year!
:pint: I am not sure about "replication"... :pint:
...but have a google on us with "rsync over ssh".
I am (almost) sure that or something similar is what Ed is trying!
Regards
Reinhold
-
> ...but have a google on us with "rsync over ssh".
> I am (almost) sure that or something similar is what Ed is trying!
I am trying to get the rsync over ssh idea to fly.
The two servers are in buildings about 150 metres apart, and will each have its own mail setup, but I need to keep some standard office stuff closely in sync in the ibays - so it's only the ibays I'm trying to keep near to the same.
I've had very little success in getting the SSH bit of the process going - can't actually log in at all. I've got the right port opened at both ends; when I send a command by hand, with a user name included, there is a long delay and then a timeout message - I never see the password challenge response.
I've decided to sidestep the whole problem and send for a narrow-beam radio bridge kit. I won't get enough speed to network over the link, but I'll be able to sync the ibays in the background.
Ed Form
-
Ed,
Read man ssh especially:
First, if the machine the user logs in from is listed in
/etc/hosts.equiv or /etc/ssh/shosts.equiv on the remote machine, and the
user names are the same on both sides, the user is immediately permitted to log in.
... and note you need a template for this stuff in SME !
Just go -http://www.wellsi.com- where I sent you to tackle RSA anyway ;-) ...
and you will find:
This brief example shows the start of a SSH session where the username is specified using the -l option.
[dummy@homepc dummy]$ ssh -l dummy gatekeeper
Enter passphrase for key '/home/dummy/.ssh/id_rsa':
Last login: Tue Feb 18 11:38:43 2003 from somewhere
Welcome to the Mitel Networks SME Server.
bash-2.05a$
For more on ssh look here: The Secure Shell (SSH) Frequently Asked Questions (http://www.kleber.net/ssh/ssh-faq.html)
...and if needed "debug" stuff using SourceForge.net: SSH Client Instructions (http://sourceforge.net/docs/F01/en/)
Regards
Reinhold
-
> Read man ssh especially:
> First, if the machine the user logs in from is listed in
> /etc/hosts.equiv or /etc/ssh/shosts.equiv on the remote machine, and the
> user names are the same on both sides, the user is immediately permitted to log in.
> ... and note you need a template for this stuff in SME !
> Just go -http://www.wellsi.com- where I sent you to tackle RSA anyway ;-) ...
> and you will find:
> This brief example shows the start of a SSH session where the username is specified using the -l option.
> [dummy@homepc dummy]$ ssh -l dummy gatekeeper
> Enter passphrase for key '/home/dummy/.ssh/id_rsa':
> Last login: Tue Feb 18 11:38:43 2003 from somewhere
> Welcome to the Mitel Networks SME Server.
> bash-2.05a$
> For more on ssh look here: The Secure Shell (SSH) Frequently Asked Questions (http://www.kleber.net/ssh/ssh-faq.html)
> ...and if needed "debug" stuff using SourceForge.net: SSH Client Instructions (http://sourceforge.net/docs/F01/en/)
Actually Reinhold, it's a bit easier than that. You just have to avoid being a complete twit like me!!! How was I ever going to connect to the secure shell if I had secure shell connection set to local networks only in the server manager???????
I've now managed to transfer data from server to server using the quoted username and password-challenge route - the next bit is to make it two-way and use RSA.
It's me for www.wellsi.com
And thanks for the help.
Ed Form
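-
Added example, not part of the thread and not SME Server's own tooling: a small audit of an sshd_config for the settings discussed above once port 22 is reachable from the internet (SSH2 only, key-only logins, no hosts.equiv trust). The policy table and the sample config are assumptions constructed for this example; on SME Server the file is generated from templates, so this only checks the result.

```shell
#!/bin/sh
# audit_sshd: reads an sshd_config on stdin, prints one line per finding,
# and returns the number of findings as its exit status.
audit_sshd() {
    awk '
    BEGIN {
        # Assumed policy: keyword -> regex of acceptable values.
        # "unset" means the keyword is absent and the default is acceptable.
        want["protocol"]                = "^(2|unset)$"   # SSH2 only
        want["passwordauthentication"]  = "^no$"          # keys only, must be explicit
        want["permitrootlogin"]         = "^(no|without-password|prohibit-password|forced-commands-only)$"
        want["pubkeyauthentication"]    = "^(yes|unset)$"
        want["hostbasedauthentication"] = "^(no|unset)$"  # no hosts.equiv / shosts.equiv trust
        want["permitemptypasswords"]    = "^(no|unset)$"
    }
    { sub(/^[ \t]+/, "") }            # drop leading whitespace
    /^(#|$)/ { next }                 # skip comments and blank lines
    {
        split($0, f, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
        key = tolower(f[1])           # keywords are case-insensitive
        if (key == "match") exit      # conditional blocks are out of scope here
        if (!(key in val)) val[key] = tolower(f[2])   # sshd keeps the first value it reads
    }
    END {
        for (k in want) {
            v = (k in val) ? val[k] : "unset"
            if (v !~ want[k]) { print "FINDING: " k " is " v; bad++ }
        }
        exit bad + 0                  # exit status = number of findings
    }'
}

# Constructed sample config, not taken from any real server.
SAMPLE='# sshd_config (constructed sample)
Port 22
Protocol 2,1
PermitRootLogin yes
passwordauthentication no
PasswordAuthentication yes
HostbasedAuthentication=yes
Match Address 192.168.1.0/24
    PasswordAuthentication yes
'

printf '%s\n' "$SAMPLE" | audit_sshd || echo "$? finding(s)"
```

On a live server the same function can be fed the real file with `audit_sshd < /etc/ssh/sshd_config`.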