[rescue] SGI fw_sshd and security

Dave McGuire mcguire at neurotica.com
Sun Mar 7 23:37:28 CST 2004

On Mar 8, 2004, at 12:35 AM, Patrick Finnegan wrote:
>>>>    At Digex, we had a really great scheme going.  We did rdist
>>>> verify passes every night, from our proto machines which were as
>>>> locked-down as we could make them.  Now, if you're familiar with
>>>> rdist, you know that in verify mode it sends each file down and
>>>> then does a byte-for-byte compare.  That'd be a tremendously
>>>> expensive operation to perform on, say, six hundred SPARCstations.
>>>>  We made a nice little mod to rdist in which the MD5 checksum is
>>>> sent down to the target machine and verified.  I think that may
>>>> have actually made it into the main rdist source tree but I'm not
>>>> sure.  It was *cool*.
>>> Err, can't you already do that with rsync?  Without modifications?
>>    You couldn't in 1994, which is when we did that at Digex. :-)
> Ahh, that makes a bit more sense.  You didn't say when before and I
> mistakenly thought "recently." :)

   Oh ok, sorry for not being more specific. :)

   We also had it authenticating with Kerberos4.


Dave McGuire                      "My tummy hurts now, but my soul
Cape Coral, FL                   feels a little better."     -Ed

More information about the rescue mailing list