* Maarten J H van den Berg wrote on Mon, Aug 06, 2001 at 18:29 +0200:
Instead, the best (and almost completely secure in every aspect) is to use an RSA certificate, and put the command, client-IP etc. which the client uses inside the authorized_keys file on the server: That will make sure that when using that specific certificate, the client is FORCED to run EXACTLY the command specified.
It's not trivial to configure access via rsync to some backup server. rsync needs root privileges to keep ownerships. Rsync as root may overwrite any file. The authorized_keys wrapper needs to filter the directory arguments (keep track on /backup/../etc/shadow and so on). Another possibility: the server runs something like tar -cvf - $SOURCES_TO_BACKUP | ssh backup@backuphost cat > host.tar It seems to me that this would be easier to wrap correctly. No root access to the backup server required. Any comments? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.