[erlang-questions] two questions: secure traffic and
Siraaj Khandkar
siraaj@REDACTED
Sat Oct 20 06:35:29 CEST 2012
On Oct 20, 2012, at 12:18 AM, Wes James wrote:
> On Fri, Oct 19, 2012 at 10:13 PM, Siraaj Khandkar <siraaj@REDACTED>wrote:
>
>> On Oct 20, 2012, at 12:02 AM, Wes James wrote:
>>
>>> I finally have some of the functionality of:
>>>
>>> https://github.com/comptekki/esysman
>>>
>>> updated from just PC management to Linux and Mac.
>>>
>>> I have some questions regarding secure traffic and running as a root
>>> process for some comands on linux/mac.
>>>
>>> 1. How do I secure the traffic between nodes? I tried to find the email
>>> about that the cookie was really not a security item and that the traffic
>>> is just tcp. What is best practice to secure traffic between nodes?
>>
>> Currently, the stable choice is a VPN tunnel between nodes on an untrusted
>> network.
>>
>> Alternatively, if you feel like exploring new grounds, you can try
>> communicating
>> over SSH. Kenji Rikitake made the proof of concept here:
>>
>> https://github.com/jj1bdx/sshrpc
>
>
> Ok thanks for these!
You're very welcome.
>>> 2. On windows, I install the service and it has admin privs to do most
>>> anything. What would the best way be to install an erlang service that
>>> needs to do "root" work on linux/mac systems?
>>
>> sudo
>>
>>
> I've always used sudo with a password, but it looks like I could set up a
> user that doesn't require a password:
>
> http://www.ducea.com/2006/06/18/linux-tips-password-usage-in-sudo-passwd-nopasswd/
>
> Is there a different way? Since when the app would sudo command remotely,
> it would ask for a password where there's no way to type it in.
As long as you have "NOPASSWD:" option configured, it should work just as well
over SSH as it does at a console. I do it all the time.
--
Siraaj Khandkar
.o.
..o
ooo
More information about the erlang-questions
mailing list