[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: webcam html and ftp servers: restricting access

On Mon, Oct 01, 2007 at 07:30:06PM -0500, Russell L. Harris wrote:
> * Andrew Sackville-West <andrew@farwestbilliards.com> [071001 17:42]:
> > On Mon, Oct 01, 2007 at 03:58:26PM -0500, Russell L. Harris wrote:
> > > I am planning to run a remote machine (running Debian "testing") with
> > > a webcam for monitoring a remote location.  
> > > 
> > > I plan to use apache2 to serve images which I can view from any
> > > machine.
> > 
> > depending on your needs, you might look at motion (its packaged for
> > debian). It includes a tiny little webserver that will stream images
> > and allow remote control of the app. I just reviewed the manpage of
> > motion and it includes some configurable stuff as far as ports (not
> > https, though) so you may be able to use ssh tunneling to make it work
> > securely.
> I discovered motion, but I think that it is a bit too complex for this
> stage of the project.  And I found three other webcam server HOWTOs.
> But I still am confused as how to get the system working.

I beg to differ as motion is pretty darn simple to setup and operate,
but you are welcome to use whatever solution you like.

> I also discovered "sftp", which may be the solution I am seeking.
> I wish to be certain that my desktop system is not compromised if
> someone steals the remote system; so if the remote system runs a
> script for ftp via ssh, the password or passphrase contained in the
> script should be exclusive to ftp.  Am I making sense?

I'm not sure. sftp merely provides ftp service tunnelled through ssh
and gives access to ssh niceties like pubkey authentication. What
specifically are you trying to do with ftp? If you want to be able to
login remotely and pull images from the remote camera box, then
certainly, sftp (or any number of other things) would work. If you set
up pubkey authentication, then you're pretty secure at the remote end
and there is nothing in the remote end that allows access to the local
end. If you're trying to *push* images from the remote end to local,
that's a different story. Pushing means you've got to run your
authentication the other way and expose your local end to compromise
from a compromised remote end. 

So, maybe you could lay out exactly what you want to have happen,

also, if you are just tying to grab remote images every so often, and
you have a web interface setup, you could just script wget to scrape
the page every so often and save it locally. just a thought.


Attachment: signature.asc
Description: Digital signature

Reply to: