Re: webcam html and ftp servers: restricting access



On Mon, Oct 01, 2007 at 11:49:35PM -0500, Russell L. Harris wrote:
* Andrew Sackville-West <andrew@xxxxxxxxxxxxxxxxxxxx> [071001 23:00]:
On Mon, Oct 01, 2007 at 07:30:06PM -0500, Russell L. Harris wrote:
* Andrew Sackville-West <andrew@xxxxxxxxxxxxxxxxxxxx> [071001 17:42]:
On Mon, Oct 01, 2007 at 03:58:26PM -0500, Russell L. Harris wrote:
I am planning to run a remote machine (running Debian "testing") with
a webcam for monitoring a remote location.

I beg to differ as motion is pretty darn simple to set up and
operate,

Thanks, Andrew. This is the type of dialogue I need. I'll take
another look at motion.

:). I'm only pushing it because I use it and because it has the
built-in web-server. As such, it is a lighter weight option than
running apache and then some other webcam app.




What specifically are you trying to do with ftp? If you want to be
able to login remotely and pull images from the remote camera box,
then certainly, sftp (or any number of other things) would work.
If you set up pubkey authentication, then you're pretty secure at
the remote end and there is nothing in the remote end that allows
access to the local end.

I had not given much thought to this approach; but I could implement
it inexpensively with the aid of a dynamic dns service. It would be
much like fetching mail from a pop server.

yup.




If you're trying to *push* images from the remote end to local,
that's a different story. Pushing means you've got to run your
authentication the other way and expose your local end to compromise
from a compromised remote end.

That is the approach I had in mind, and that is why I was concerned.
But if the local machine goes out of service, there is no monitoring.
So the first approach would be better.

yeah. I think pushing is a bad idea. As I said, it means the remote
machine needs to authenticate to the local machine, which means
someone could spoof that authentication and compromise the local
machine. Much better to authenticate the other way. The remote machine
could archive what you want and you could get it when you need either
by peeking at the web image when you want, or downloading captured
images or video. motion is highly configurable and can be made to do
all sorts of interesting things including calling scripts when it's
done capturing motion. This would make doing the push thing more
attractive, but I think it can be used in more elegant ways too.




So, maybe you could lay out exactly what you want to have happen,
again.

Initially, all I need is the ability to glance at the remote site now
and then, using a single webcam, in order to satisfy myself that all
is well. It would be dandy to be able to listen in, also, using the
microphone on the webcam. I was not attempting to provide
comprehensive security monitoring.

well again, motion could be configured to show you a pretty low frame
rate over the web, just so you could see what's what and could also be
made to output .avi's of anything interesting, like the motion of
someone walking through the room, into local (that is, on the remote
machine) files for you to grab later. You could also script it to do
nice things like email you if it detects motion.



It would be nice if I could check on the remote site from a machine of
a relative or friend. But they all run Window$, so that necessitates
that I implement a web server, either at the remote site or else at my
home. If the web server is at home, then the home machine is exposed
to attack (as well as to frequent lightning storms).

The issue with the remote system is not so much security as it is
keeping the system up and running despite hackers. I cannot afford
to reinstall the system every week. So I plan to use an external
firewall to protect the remote machine.

so turn off remote control of the motion app and just put up the web
images. As I said originally, I'm sure you could tunnel it through ssh
if you wanted, though what the use of that is, I don't know. make use
of dynamic dns, and then you can surf to the web image whenever you
want. Now, that puts your images in the public view, and I'm not sure
how to avoid that as motion doesn't seem to authenticate for viewing,
just for controlling. You'll have to research that a bit.


also, if you are just trying to grab remote images every so often, and
you have a web interface set up, you could just script wget to scrape
the page every so often and save it locally.

Again, like automatically fetching the mail.


yup.

look, just FTR, I'm not sure if motion is what you really need, but it
seems like a close enough fit, at the outset, that it's worth more of
your time to investigate it. hth


A
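
Added example, not part of the original message: a sketch of the pull model discussed in this thread, where the home machine fetches captures over sftp with a dedicated public key and the camera box holds no credentials for the home machine. The host name, account, key path and directories are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: pull-model fetch, run from cron on the LOCAL (home) machine.
# All names below are hypothetical placeholders, not values from the thread.
REMOTE="${REMOTE:-camview@camera.example.net}"   # dynamic-DNS name of camera box
KEY="${KEY:-$HOME/.ssh/camera_pull_key}"         # key used only for this job
REMOTE_DIR="${REMOTE_DIR:-/var/lib/motion}"      # assumed capture directory
LOCAL_DIR="${LOCAL_DIR:-$HOME/camera-archive}"

# True only if the key file exists with no group/other permission bits.
# ssh enforces the same rule; checking first gives cron a clear error.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print the sftp batch: $1 = remote dir, $2 = local dir.
# A leading "-" tells sftp not to abort the batch if that command fails,
# e.g. when no .avi files exist yet.
build_batch() {
    printf 'lcd "%s"\n' "$2"
    printf 'cd "%s"\n' "$1"
    printf '%s\n' '-get -p *.jpg'
    printf '%s\n' '-get -p *.avi'
}

pull_images() {
    if ! key_is_private "$KEY"; then
        echo "refusing to use key $KEY: missing or readable by others" >&2
        return 1
    fi
    mkdir -p "$LOCAL_DIR" || return 1
    # BatchMode: never prompt (cron has no terminal).
    # StrictHostKeyChecking=yes: fail rather than accept an unknown host key,
    # so the camera's key must already be in known_hosts.
    build_batch "$REMOTE_DIR" "$LOCAL_DIR" |
        sftp -b - -i "$KEY" -o BatchMode=yes -o IdentitiesOnly=yes \
             -o StrictHostKeyChecking=yes "$REMOTE"
}

# Only touch the network when asked to: ./pull-camera.sh --run
if [ "${1:-}" = "--run" ]; then
    pull_images
fi
```

The matching public key goes in the camera account's authorized_keys on the remote box, so a compromise of that box exposes nothing that authenticates to the home machine.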
