If you can execute shell commands directly from the ram folder (ssh, sftp) and therefore pull files straight into it with sftp, this seems exactly right. It sounds like you'll only need the secure connection on an occasional/rare basis. Imo don't try for an always-on connection for that such as a vpn. Whichever way you do, you'll want to pay attention to where the important encryption keys reside. At least in general (and maybe even specifically), we know that encrypted data is being snatched off the wire and retained. In the case of sshd, you would want your sshd daemon keys to live on the machine with the more-secure storage medium and use the vserver as the client. For a vpn or similar you'd need to look at exactly how it works and decide if there is a right way and if so, what it is. Hopefully the only thing you feel there is a need to protect from is improper read access. If someone can write to your vserver as root, that would be a Very Bad Thing (TM). Sorry about the strange/disjointed line feeds in my first email btw, not sure why that happens. I'm trying short lines now, seeing if it works better. If you add linefeeds to what I wrote before where it makes sense, it may be easier to read. On Tuesday 27/08/2013 at 12:38 am, Tony Xue wrote:
|
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays