On 29 May 17:39, Mark Rogers wrote:
On 29 May 2014 12:22, Chris Green cl@isbd.net wrote:
2 - Run an rsync daemon on the dmz and copy the files by connecting to this from the BBB. [...] the disadvantage is that the connection isn't encrypted at all.
.. but you go on to say:
There's nothing valuable in the files, they're just temperature and electrical measurements from the boat so I don't care at all about the files being visible to the world. My security concern is to minimise the risk of someone getting into my dmz system.
If you're not concerned about the content of the files being accessible to the world once you have them in your DMZ, then is the paranoia about them being available to wire-sniffers a big issue?
Anyway, my first thought was to go old-school and look at something like FTP; ftp servers have long been tasked with allowing anonymous uploads (and preventing them being downloaded again, and from preventing users getting anywhere onto the server that they shouldn't). FTP can be encrypted (FTPS) although that's not something I've played with. But it looks like all the major FTP servers out there support FTPS, so that would be the way I'd go, which should take care of both your concerns.
Except FTP is a nightmare when nat is involved, and more so when using FTPS. Personally I'd just set up a seperate key and account on the machine that the data is going to and throw the files over rsync over ssh using a passphraseless key. Less messing about with configuration, single port to worry about, etc, etc.