[syslog-ng]where docs on *REMOTE* logging using ssh??
Nate Campi
nate@campin.net
Tue, 28 Jan 2003 13:05:48 -0800
On Tue, Jan 28, 2003 at 11:57:14AM -0800, Nate Campi wrote:
>
> The right place to start is with your (openssh) authorized_keys file
> having settings like this:
>
> no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss
> AAAAB3N... syslog-ng@remotehost "logging account only"
Haha, I crack myself up. I actually put in "no-port-forwarding" when
answering a post about using ssh for just such a purpose. What a dufus.
Anyways, the rest of what I said still applies. :)
HINT: if you use ssh and want it to reconnect, set it up under
daemontools <URL:http://cr.yp.to/daemontools.html> so that when it dies
it starts right back up, and the output is properly logged with multilog
(assuming you set up logging, which you should). Also look into forced
commands if you want better security. You won't be forwarding straight
into syslog-ng, but you'll rest better knowing you're doing as much as
you can to prevent misuse of this account.
Did I mention that stunnel makes it so you don't need to worry about all
this?
--
Nate Campi http://www.campin.net
Without C, We would only have Pasal, Basi, and obol