You could use amanda with kerberos enabled. Just compile it with the --with-krb4-security= configure flag and a couple others if you want. Once its kerberized (version 4 only tho) you will get two new dumptype options, krb4-auth and kencrypt. kencrypt will encrypt the entire connection with the krb4 session key. You can add another measure of protection by using tcpwrappers for the amandad client by running it from inetd. amanda supports the native "dump" program for dumping entire filesystems, and it supports tar. This setup is much safer then putting a plaintext password in some script, or using S/Key ssh type stuff. Amanda project's homepage: http://www.amanda.org/ Robert Simmons Systems Administrator http://www.wlcg.com/ On Fri, 31 Aug 2001, Peter Nixon wrote:
On Mon, 6 Aug 2001 18:29:27 +0200 Maarten J H van den Berg
wrote: On Tuesday 31 July 2001 14:35, Lukas Feiler wrote:
[sorry for my late reply]
I want to do the following: backup all my sensitive date from my main server, pack it into one file and then get it transfered to my backup server.
That's fine but my problem is that those two machines aren't in the same local network. So if I do not encrypt my data it would be (more or less) visible to everybody on the net (who has some hacking knowledge). But as I said this data is sensible (passwords, creditcards, ...)! So I thought of ssh or scp BUT how to automate this process of backing up? I would have to specify user AND password in my backup-script. How do specify a password for ssh / scp in a script??
Instead, the best (and almost completely secure in every aspect) is to use an RSA certificate, and put the command, client-IP etc. which the client uses inside the authorized_keys file on the server: That will make sure that when using that specific certificate, the client is FORCED to run EXACTLY the command specified. Thus, even if the clientsystem gets fully compromised, the backupserver remains safe from the attacker. You can choose to use ssh-agent, or even leave the passphrase blank, as little harm can be done anyway. Worst case would be overwriting the backup with an empty / corrupt one...
There is documentation with ssh how this enforcing works exactly, read it well because it isn't trivial to setup; you have to have the commands exactly right. Once it works however you have a secure backup connection, without establishing an (unwanted) trust- relationship. I've done this myself. Just follow the docs, run sshd in debug level to find the necessary commandstring, and you're fine.
I lost the bookmark to the site where I initially read those docs... :-( But google will help you. The O' Reilly book has some info too.
Good luck, Maarten
-- brick (brik) n. (4) pl. Another item that can be used to crash windows.
Maarten J. H. van den Berg ~~//~~ network administrator van Boetzelaer van Bemmel - Amsterdam - The Netherlands http://vbvb.nl T+31204233288 F+31204233286 G+31651994273
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
I highly recomend that if you are doing any sort of remote file copies that you take a look at rsync instead of scp.
--
Viel Spaß
Nix - nix@susesecurity.com http://www.susesecurity.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com