On Sat, 11 Nov 2000, James Cameron wrote:

> I'd say a public rsync server with a password known to the code.

I made a little script to do this during DL to collect the stats from a
remote server back to the central server. I modified end_tourney to call
"system("ssh clue\@raidio.gnaps.com > /dev/null 2>&1");" when it finished
archiving locally, which is the central server where we played most games
(raidio is the machine that hosts twink.crackaddict.com and
netrek.crackaddict.com).

Then on raidio, I had an ssh rsa key looking like this:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="~/bin/leafstats &" 1024 35 <key> psychos@leaf.lumiere.net

This ensured that leafstats is the only command leaf's key could run; I did
this because I didn't want to have to give the account on leaf login
privileges onto raidio (this is also why I didn't use scp; I didn't want it
to be able to blindly copy files to raidio) so that a compromised account on
leaf wouldn't lead to raidio being compromised.

Then on raidio I had a ~/bin/leafstats script that looks like this:
#!/bin/sh
cd ~/html/leaf.lumiere.net
rsync -rt --rsh=ssh --rsync-path=/home/psychos/bin/rsync psychos@leaf.lumiere.net:public_html/netrek/ .

And on leaf I had an rsa key that allowed any activity from raidio with no
password (as I trusted security in the other direction).

This is probably too complex for general usage, but is probably a bit more
secure, and it alleviates the need to have to actually run rsyncd.
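
The key line in the message above pins leaf's key to one forced command and switches off forwarding and pty allocation. As an added example (not part of the original post), this Python audit checks an authorized_keys file for entries that lack those restrictions; the function names and every sample entry except the post's own line are constructed, and `restrict` is OpenSSH's later shorthand for the four no-* options.

```python
import re

# Restrictions the post's key carries besides command=.
NO_OPTS = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
# A line with no options field starts with an SSH1 bit count or a key type.
KEY_START = re.compile(r"^(\d+|ssh-\S+|ecdsa-\S+|sk-\S+)$")

def split_options(line):
    """Return (options dict, remainder) for one non-blank authorized_keys line."""
    line = line.strip()
    if KEY_START.match(line.split(None, 1)[0]):
        return {}, line
    fields, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and quoted and line[i + 1:i + 2] == '"':
            cur += '"'; i += 2; continue      # escaped quote inside a value
        if c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            fields.append(cur); cur = ""
        elif c.isspace() and not quoted:
            break                             # end of the options field
        else:
            cur += c
        i += 1
    fields.append(cur)
    opts = {}
    for f in fields:
        name, _, value = f.partition("=")
        opts[name.lower()] = value            # option names are case-insensitive
    return opts, line[i:].strip()

def audit(text):
    """Return [(line number, missing restrictions)] for keys not locked down."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, _ = split_options(line)
        if "restrict" in opts:                # flag anything re-enabled after restrict
            missing = {o for o in NO_OPTS if o[3:] in opts}
        else:
            missing = NO_OPTS - set(opts)
        if not opts.get("command"):
            missing.add("command")
        if missing:
            findings.append((n, sorted(missing)))
    return findings

# Constructed sample; <key> stands in for key material.
SAMPLE = '''# constructed authorized_keys
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="~/bin/leafstats &" 1024 35 <key> psychos@leaf.lumiere.net
1024 35 <key> unrestricted@example.invalid
command="/usr/bin/rsync --server --sender . x",no-pty ssh-ed25519 <key> partial@example.invalid
restrict,command="~/bin/leafstats" ssh-ed25519 <key> modern@example.invalid
'''
```

`audit(SAMPLE)` reports lines 3 and 4 only: the bare key and the key that forces a command but still allows forwarding.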