Re: How do I set-up secure automated file push and pull?

From: Kurt Seifried (bugtraq@seifried.org)
Date: 04/23/02


From: "Kurt Seifried" <bugtraq@seifried.org>
To: "Anupam" <frj780jdy85533001@sneakemail.com>, <focus-sun@securityfocus.com>
Date: Tue, 23 Apr 2002 15:26:02 -0600

Several other methods come to mind:

scp, using public crypto keys. Then your script simply:

scp user@remotehost:/some/file /local/dest

or

NFS over IPSec (IPSec is well supported in Solaris), you can provide read
only mounts, push or pull files, control access reasonably well, etc.

or

or FTP over IPSec, things like proftpd make it really easy to give users
download or upload access only, you can restrict based on IP, if you have
static IP's and are using IPSec then you can simply use anon ftp, no need to
fiddle with credential storage/etc. Nice to mirror as well, wget/mirror make
it pretty easy.

or

rsync over ssh, mostly pull method, but handy for synching large dirs/etc.

There is not "best" way. Sometimes I use rsync over ssh. Sometimes I use
scp. Sometimes I use NFS. Sometimes I use FTP.

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.iDefense.com/



Relevant Pages

  • Re: Still no IPSEC for TCP/IP services?
    ... of using IPSEC as well. ... Adopters Kit for TCP/IP services 5.7 in 2007, ... recommended solutions usually involve "FTP over SSL" (which, ... p.s. TCPware has added some interesting extensions to their SFTP ...
    (comp.os.vms)
  • Re: Windows 2000/2003 IIS FTP support SFTP ??
    ... I have see VPN but not IPSec, check out the bottom section of this kb. ... Information About the IIS File Transmission Protocol (FTP) Service ... >> secure shell type of technology while ftps depends on SSL. ... >> Bernard Cheah ...
    (microsoft.public.inetserver.iis.ftp)
  • RE: NFS with IPSec
    ... Some more info would be helpful, ie: what kind of filtering you have setup, ... What kind of error messages do you get, ... Subject: NFS with IPSec ...
    (Security-Basics)
  • Re: IPSec and Passive FTP
    ... The best way to go about it with IPSec is to block any ... Allowing a whole range of ports which do ... The best way to deal with FTP is to use a connection tracking firewall ...
    (comp.security.firewalls)
  • Re: need a list of port numbers???
    ... Did you allow 443 for https or maybe you are being redirected to ftp for downloads. ... Active ftp may not work well with ipsec. ... > used ports because some of my websites dont allow me to ...
    (microsoft.public.win2000.security)