* Lukas Feiler wrote on Tue, Jul 31, 2001 at 14:35 +0200:
> I want to do the following: backup all my sensitive data from my main server, pack it into one file and then get it transferred to my backup server.

Set up some backup user on your backup server. Create a key for the root accounts on the other servers. Put their identity into ~backup/.ssh/authorized_keys. Then the roots can connect to the backup user w/o password. As root on the servers, create some cron job script. This invokes something like

    tar -cf - $OPTS $FILES | \
        ssh backup@backupserver \
        "cat | gzip > $TGZ_FILE"

add some error handling :)

The disadvantage is that any of the roots could download those tgz files and crack /etc/shadow and the like. To get around that, you need to implement a little script containing "cat | gzip > $FILE" as ssh-command-wrapper. The root keys get the name of this script as command="script" in authorized_keys (and cannot do anything except execute that script). Then they can only fill the hard disk. Well, use quotas or different filesystems for backups...

Hope this short description makes the security idea understandable. Read sshd manpage for details about authorized_hosts.

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
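
One way to write the command wrapper described in the mail above, as an added example that is not part of the original message. The install path /usr/local/bin/backup-receive, the BACKUP_DIR location, the label web1 and the store_backup function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original mail. Hypothetical install path:
#   /usr/local/bin/backup-receive
# Assumed entry in ~backup/.ssh/authorized_keys, one per server key:
#   command="/usr/local/bin/backup-receive receive web1",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding <public key of root@web1>
# The sending side then needs no remote command:
#   tar -cf - $OPTS $FILES | ssh backup@backupserver

BACKUP_DIR="${BACKUP_DIR:-/var/backups/incoming}"   # assumed location

# store_backup LABEL: gzip stdin into a new file under BACKUP_DIR.
# LABEL comes from authorized_keys, so the client controls neither name nor path.
store_backup() {
    label=$1
    case "$label" in
        ''|*[!A-Za-z0-9_-]*) echo "backup-receive: bad label" >&2; return 2 ;;
    esac
    umask 077    # archives may contain /etc/shadow and the like
    out="$BACKUP_DIR/$label-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    # Claim the name with noclobber so an existing backup is never overwritten.
    if ! ( set -C; : > "$out" ) 2>/dev/null; then
        echo "backup-receive: $out exists, refusing to overwrite" >&2
        return 1
    fi
    if ! gzip -c > "$out"; then
        rm -f "$out"    # remove the file if gzip itself fails
        return 1
    fi
    printf '%s\n' "$out"
}

# Run only when called as the forced command. sshd puts whatever the client
# requested into SSH_ORIGINAL_COMMAND; this script never reads or evaluates it.
if [ "${1:-}" = receive ]; then
    store_backup "${2:-}" >/dev/null
fi
```

With this entry in place, a key holder who asks for a shell or for an existing archive still only gets the wrapper, which writes and never reads back.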