[prev in list] [next in list] [prev in thread] [next in thread] 

List:       amanda-hackers
Subject:    Re: Is this list alive?
From:       Samuel Ziegler <samz () xpedion ! com>
Date:       2001-08-21 22:43:46
[Download RAW message or body]

On Tue, 21 Aug 2001, Judith Freeman wrote:
> On Mon, 20 Aug 2001 sam@xpedion.com wrote:
> >
> > I am a developer and may be able to contribute some cycles to working on
> > amanda.  I saw on the web site that someone was working on creating a
> > security api?  I'd really like to get amanda so that it uses ssh for all
> > of it's comminication.  How hard would it be to do that?
>
> Hi Sam.  Your message about using ssh with Amanda for security caught
> my eye.  I was having a similiar concern a while ago and came up with
> a solution with GPG.  It's a little out of date, but you can see what
> I did at: http://security.uchicago.edu/tools/gpg-amanda/


Thanks for the link.  It's a nifty solution.  The one thing your solution
does which is very nice is that the data on the tapes themselves is
encrypted.  This isn't really a requirement for me.  For me, keeping the
tapes physically secure is enough, cuz if an attacker can physically get
to the tapes, they pretty much own me completely anyway.  That is why I'm
more concerned with transport than storage.  The other thing is that I
have ssh deployed on most machines already, since I use it for other
purposes as well.  Using gpg would require a completely new set of keys.

BTW, it's not really necessary to gzip something which you have encrypted
with gpg, since gpg compresses things with zlib by default already.

  - Sam

[prev in list] [next in list] [prev in thread] [next in thread]