[...]
>>> Also note that once you force them to use ssh, they will soon want
>>> ssh public keys w/o passphrases so that they can operate w/o using
>>> password. Avoid this as well.
>>>
>>> -Chuck
>>>
>>
>> Would you allow for using public keys that need passwords?
>
>
[...]
> The main benefit of ssh is that everything is encrypted before it leaves
> the system. The sshd server can also be configured to make brute force
> attacks and other various crack attempts much harder. (but configurable
> timeouts, bad passwords, etc...)
>
[...]
Correction - public keys don't use passphrases (hence the name
"public"), private keys do.

I have used R-commands back in the early 90's when SSH was not widely
available (or not available at all?). I now use SSH. I wear both Unix
admin and Oracle DBA hats, and you definitely need password-less SSH
access via the "authorized_keys" file. How else, for example, are you
going to copy backup files across the network via a cron job using scp
if a password is required? Once you accept this reality, there is
nothing you need R-commands for to manage Oracle -- it can all be done
with SSH.

Three caveats:

- SSH adds a significant amount of overhead for encryption. If you
need to copy 5GB of data or more, you'll probably find that FTP (or
R-commands) is an order of magnitude faster than SSH. In fact, I have
falsely accused our network of poor performance when in fact it was just
an overloaded CPU trying to do encryption on top of everything else
running on the box.

- One R-command I didn't see mentioned is "rdist". This is a very
powerful tool for managing clone environments (distributing various
config files, etc). It is non-trivial to migrate from "rdist" to
"rsync", but once you do it works fine, with optional SSH support.

- I think only OpenSSH is freeware. Other versions of SSH (such as
those that use the IDEA algorithm) involve patents and license fees.
However, I hear that Solaris 9 has SSH bundled.

--Mark B.
Received on Wed Mar 26 2003 - 19:17:50 CST
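
The thread above turns on passphrase-less keys in "authorized_keys" for cron-driven scp. As an added example (not part of the original thread), the Python code below audits an authorized_keys file for entries that lack the OpenSSH key options (`command=`, `from=`, `restrict`, `no-pty`, `no-port-forwarding`) that limit what such a key can do if the private half is copied. The sample file, addresses, key placeholders and the `recv-backup` script path are constructed for illustration.

```python
import re
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def parse_options(line):
    """Return one entry's options as a dict, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_TYPES):
        return {}
    # Quoted values may contain spaces, so find the end of the options
    # field by walking the line instead of splitting on whitespace.
    in_quote, i = False, 0
    while i < len(line) and (in_quote or line[i] not in " \t"):
        if line[i] == "\\" and in_quote:
            i += 1                      # skip an escaped character such as \"
        elif line[i] == '"':
            in_quote = not in_quote
        i += 1
    return {k.lower(): v for k, v in OPTION.findall(line[:i])}

def audit(text):
    """Map line number -> findings for keys that are usable without limits."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        opts = parse_options(line)
        if opts is None:
            continue
        locked = "restrict" in opts     # restrict disables pty and all forwarding
        checks = [
            ("command" not in opts, "no forced command"),
            ("from" not in opts, "no source-address limit"),
            ("pty" in opts or not (locked or "no-pty" in opts), "pty allowed"),
            ("port-forwarding" in opts
             or not (locked or "no-port-forwarding" in opts), "port forwarding allowed"),
        ]
        findings = [msg for bad, msg in checks if bad]
        if findings:
            report[n] = findings
    return report

# Constructed sample; key material replaced by placeholders.
SAMPLE = """\
# backup keys for the oracle account
ssh-ed25519 AAAA_PLACEHOLDER_1 oracle@dbhost
command="/usr/local/bin/recv-backup --dir /backup",from="10.0.0.5",no-pty,no-port-forwarding ssh-rsa AAAA_PLACEHOLDER_2 cron
restrict,command="/usr/local/bin/recv-backup",from="10.0.0.5,10.0.0.6" ssh-ed25519 AAAA_PLACEHOLDER_3 cron2
restrict,pty ssh-ed25519 AAAA_PLACEHOLDER_4 admin
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

The server cannot tell from authorized_keys whether the matching private key carries a passphrase, which is why the audit looks at per-key restrictions instead.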