Mailinglist Archive: opensuse-security (511 mails)

Re: [suse-security] automatic backups over ssh/scp
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Fri, 31 Aug 2001 23:21:05 +0200
  • Message-id: <20010831232105.B5954@xxxxxxxxx>
* Maarten J H van den Berg wrote on Mon, Aug 06, 2001 at 18:29 +0200:
> Instead, the best (and almost completely secure in every aspect) is to
> use an RSA certificate, and put the command, client-IP etc. which the
> client uses inside the authorized_keys file on the server: That will
> make sure that when using that specific certificate, the client is FORCED
> to run EXACTLY the command specified.

It's not trivial to configure access via rsync to some backup
server. rsync needs root privileges to keep ownerships. Rsync
as root may overwrite any file. The authorized_keys wrapper needs
to filter the directory arguments (keep track of
/backup/../etc/shadow and so on).

Another possibility: the server runs something like
tar -cvf - $SOURCES_TO_BACKUP | ssh backup@backuphost 'cat > host.tar'

It seems to me that this would be easier to wrap correctly. No
root access to the backup server required.

Any comments?

oki,

Steffen

--
This letter was generated by machine,
it therefore bears neither signature nor seal.
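
Added example, not part of the original message or of any project's code: a forced-command wrapper for the `tar | ssh ... cat` approach described above, run as the unprivileged backup account on the backup host. The script path, the `--sink` argument, `/backup`, the address and the key in the comment are assumptions; the client is assumed to send only an archive name, e.g. `tar -cf - $SOURCES_TO_BACKUP | ssh backup@backuphost host.tar`.

```shell
#!/bin/sh
# Forced-command sink for "tar ... | ssh backup@backuphost" style backups.
# Constructed authorized_keys entry for the unprivileged backup account
# (address and key are placeholders):
#   command="/usr/local/bin/backup-sink --sink",from="192.0.2.10",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...placeholder client1
# sshd runs this script whatever the client asks for; the requested command
# is only visible as text in SSH_ORIGINAL_COMMAND and is never executed.

BACKUP_DIR=${BACKUP_DIR:-/backup}    # assumed destination directory

# Accept only a bare archive name: letters, digits, '.', '_' and '-',
# no leading dot or dash, ending in .tar. Slashes are never allowed, so
# "../etc/shadow" or "/backup/../etc/shadow" cannot be expressed.
valid_name() {
    case $1 in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *.tar) return 0 ;;
        *) return 1 ;;
    esac
}

# Store stdin as $BACKUP_DIR/<name>; write to a temp file first so an
# interrupted or empty transfer never replaces the last good archive.
store_backup() {
    name=$1
    valid_name "$name" || { echo "rejected name" >&2; return 1; }
    umask 077
    tmp=$(mktemp "$BACKUP_DIR/.incoming.XXXXXX") || return 1
    if cat > "$tmp" && [ -s "$tmp" ]; then
        mv -f "$tmp" "$BACKUP_DIR/$name"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Only act as the sink when started with --sink (as in the entry above).
if [ "${1:-}" = "--sink" ]; then
    store_backup "${SSH_ORIGINAL_COMMAND:-}"
    exit $?
fi
```
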
