Nate

Thanks. This is all good info. From what you've said I'm sure stunnel is easier and better for this little job.

My only hesitation in using all these handy little lesser known tools is whether they have the same auditing/inspection of their source code like openssh does. OpenSSH is very widely used and many people analyze the code for defects daily. It is widely trusted and from a reputable source (OpenBSD guys). It would be safe and useful to invest my time in openssh since it will be around forever.... I don't know about stunnel though. Then again what do I know?...

Chris

P.S. I'm still surprised syslog-ng has no docs on remote logging and even docs for using syslog-ng with ssh or stunnel are hard to come by.

On Tue, Jan 28, 2003 at 01:05:48PM -0800, Nate Campi wrote:
On Tue, Jan 28, 2003 at 11:57:14AM -0800, Nate Campi wrote:
The right place to start is with your (openssh) authorized_keys file having settings like this:
no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3N... syslog-ng@remotehost "logging account only"
Haha, I crack myself up. I actually put in "no-port-forwarding" when answering a post about using ssh for just such a purpose. What a dufus.
Anyways, the rest of what I said still applies. :)
HINT: if you use ssh and want it to reconnect, set it up under daemontools <URL:http://cr.yp.to/daemontools.html> so that when it dies it starts right back up, and the output is properly logged with multilog (assuming you set up logging, which you should). Also look into forced commands if you want better security. You won't be forwarding straight into syslog-ng, but you'll rest better knowing you're doing as much as you can to prevent misuse of this account.
Did I mention that stunnel makes it so you don't need to worry about all this?

--
Nate Campi
http://www.campin.net
Without C, We would only have Pasal, Basi, and obol
--
_______________________________________
Dr. Christian Seberino
SPAWAR Systems Center San Diego
Code 2872
San Diego, CA 92152-6147
U.S.A.
Phone: (619) 553-9973
Fax:
Email: seberino@spawar.navy.mil
_______________________________________
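The authorized_keys advice from the thread as a check, added here as an example (not code from the original posts): it parses the options field of an entry and reports missing restrictions, a missing forced command, and the `no-port-forwarding` conflict Nate points out for a key that is meant to carry a tunnel. The function names and the `command=` value in the second sample are assumptions made for illustration.

```python
import re

KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-")
RESTRICTIONS = ("no-pty", "no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding")
# name, optional ="value" (may hold spaces, commas, escaped quotes), then a separator
OPTION_RE = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(,|\s+)')

def parse_entry(line):
    """Return (options dict, remainder) for one authorized_keys line."""
    line = line.strip()
    options, pos = {}, 0
    if line.startswith(KEY_TYPES):          # entry has no options field
        return options, line
    while True:
        m = OPTION_RE.match(line, pos)
        if m is None:
            raise ValueError("malformed options field at offset %d" % pos)
        options[m.group(1).lower()] = m.group(2)   # option names are case-insensitive
        pos = m.end()
        if m.group(3) != ",":               # whitespace ends the options field
            return options, line[pos:]

def audit(line, needs_port_forwarding=False):
    """List what a restricted, single-purpose key entry gets wrong."""
    options, _ = parse_entry(line)
    findings = []
    for opt in RESTRICTIONS:
        if opt == "no-port-forwarding" and needs_port_forwarding:
            if opt in options:
                findings.append("no-port-forwarding blocks the tunnel this key is for")
            continue
        if opt not in options:
            findings.append("missing " + opt)
    if "command" not in options:
        findings.append("no forced command")
    return findings

# The entry quoted in the thread, then a constructed variant (command value is made up).
PAGE_LINE = 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3N... syslog-ng@remotehost "logging account only"'
FIXED_LINE = 'command="echo logging only, no shell",no-pty,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3N... syslog-ng@remotehost'

if __name__ == "__main__":
    for entry in (PAGE_LINE, FIXED_LINE):
        print(audit(entry, needs_port_forwarding=True))
```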