Encryption (privacy) is not often a big deal in system
administration. With the exception of the distribution of passwords and secret
keys themselves, there is little or no reason to maintain any level of
privacy when transferring system files (binaries for instance). If
you find yourself using a tool like cfengine to transmit company
secrets from one place to another you should probably book yourself
into the nearest asylum for a checkup. Cfengine is not about super-secure
communication, but it can be used to perform the simple job of file
distribution through an encrypted link (e.g. as a NIS replacement or
other password distributor). Cfengine uses the triple DES implemenation
in the OpenSSL distribution (or equivalent) to provide
`good enough' privacy during remote copying.
The most important issue in system security is authentication.
Without the ability to guarantee the identity of a user or of trusted
information it is impossible to speak of security at all. Although
services like pidentd can go some way to confirming the identity of a
user, the only non-spoofable way of confirming identity is to use a
shared secret -- i.e. a password. A password works by demanding that
two parties who want to trust one another must both know a piece of
information which untrusted parties do not.
Following the second world war, the now famous pair, Julius and Ethel Rosenberg
were convicted and executed for spying on the U.S. bomb project for
the Soviet Union in 1953. At one point they improvised a clever
password system: a cardboard Jell-O box was torn in two and one half
given to a contact whom they later would need to identify. The
complex edge shape and colour matching made a complex key quite
impossible to forge. Our bodies use a similar method of receptor
identification of molecules for immune responses as well as for smell
(with some subtleties). Without matching secrets it is impossible to
prove someone's identity.
Bear in mind that the server must be a trusted host. Privacy won't help
you if the data you are collecting are faulty. In order to use the
encryption there must be a public/private key pair on each host. The
public key must be known by both hosts. You can use the program cfkey to
generate a new key file. This public key file must then be
distributed. Cfagent/cfrun and cfservd can exchange keys securely over
the network. This is fine, provided you trust the sources of the keys
(how do you know the key is from the host/user who claims to have sent
it?).
Under encrypted communications cfengine conceals the names and contents
of files. Provided the private key files are private, this has the added side
effect of authenticating both hosts for one another.
On the server side, you can choose whether root on a client host
should have server-root's privileges to read protected files on the server. In the
`cfservd.conf' file you make a list:
In the second example, you can also restrict access to certain
files to encrypted lines, i.e. demand that clients use a private
connection to collect the file, in order to prevent wiretapping.
Please take a moment to fill out
this visitor survey You can help support this site by
visiting the advertisers that sponsor it! (only once each, though)
