Hi,

14.09.2007 18:09, Mike Mestnik wrote:
> On Thu, Sep 13, 2007 at 10:57:27PM +0200, Arno Lehmann wrote:
...
>> Interesting setup... I assume this is to provide some sort of secure
>> communication, similar to what (earlier, for Bacula) was done using
>> stunnel or could be achieved both by using encrypted communications in
>> Bacula, or by setting up a VPN...
>>
> It's more like a VPN, but it can ONLY be used to "run nc". A server
> side proxy is used to add greater security.

Well, if you need an approach like this... actually, I would do this differently, but that might be a matter of taste. See below.

> Bacula currently has the following vulnerability.
> 1. A "shared" secret. The above method uses pub/priv keys.

As the shared secret only allows one pre-defined communication channel, I don't see a big problem here. I.e., when, on a client machine, you see the secret the DIR uses to contact the FD, you can not access the DIR (or any other part of Bacula) using that secret.

> 2. Certificates used for SSL? Do you buy them or use self signed?

Whatever you like... For these purposes - well-defined usage, and the clients need to be set up for this particular server anyway - I think self-signed certificates are absolutely ok. Of course, if you already run a PKI, it would keep things more manageable if you put your Bacula-related certificates into the regular trust tree.

> 2a. Setting up a CA and adding that to the root CAs on the DIR side?
> This would be more difficult and error prone, ssh automates
> most of this. <With the "Is this the correct fingerprint?">

That, I think, depends. I found that, once you got used to it, using a well-defined CA setup is neither more difficult nor more error-prone than managing a large number of ssh key pairs. For a very limited number of connections, ssh might be easier, though.

> In this method the client and server "are authenticated" using *cheaper*
> methods, perhaps just as secure.

Well, if the methods are cheaper really depends on if you already know how to operate a CA - plain ssh is simple to set up, but once you have more than a handful of connections with multiple identities on each end, you are in an administrative nightmare, IMO.

> I also add points for being easier
> to set up, like not having to deal with signatures, only the keys need
> to be set up.

A key is not that much different from a certificate - you create it, you move it into place, and you point your software to it.

Anyway, I understand what you do now, and I think that others might find this interesting. How about if you wrote a small article for wiki.bacula.org?

Arno

--
Arno Lehmann
IT-Service Lehmann
www.its-lehmann.de

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users