[syslog-ng]where docs on *REMOTE* logging using ssh??

Nate Campi nate@campin.net
Tue, 4 Feb 2003 17:57:19 -0800


On Tue, Feb 04, 2003 at 04:24:07PM -0800, seberino@spawar.navy.mil wrote:
> 
> Thanks.  This is all good info.  From what you've
> said I'm sure stunnel is easier and better for this
> little job.  My only hesitation in using all these
> handy little lesser known tools is whether they
> have the same auditing/inspection of their
> source code like openssh does.

OpenSSH has had plenty of security problems, it's never been
demonstrated that the OpenBSD audits really help anything. The main key
to their good security record is due to the fact that most services are
shut down by default. 

> OpenSSH is very widely used and many people analyze
> the code for defects daily.  It is widely trusted
> and from a reputable source (OpenBSD guys).  It would
> be safe and useful to invest my time in openssh
> since it will be around forever.... I don't know
> about stunnel though.

Even if openssh itself has no security holes, that's not the point. The
points I brought up were concerned with misuse of the shell access
openssh grants. THAT's what I'd be scared about if I were you.

Anyways, I tunnel all kinds of crap with SSH port forwarding, I just
don't think it's the best solution for most situations. There aren't any
docs needed for syslog-ng using a tunnel, since the docs with stunnel or
ssh related to tunneling with TCP apply to any TCP traffic. Look for
docs with those tools and you'll be fine.
-- 
Nate Campi    http://www.campin.net