On Wed, Jul 23, 2003 at 09:44:03AM +0200, Steffen Dettmer wrote:
But you connect to root to make sure to read all files? Or do you connect to some unprivileged user?
no, i connect to root, with a key without passphrase, but i restrict the command to my rsync wrapper.
  if ( $line =~ m#^/usr/bin/rsync --server --sender # ) {
    # this regexp will need tweaking to handle unusual
    # (but legal) characters in paths. eg: [_.]
    ($safeline=$line) =~ s|[^\w\s\d-/.]||g;
Here you just have to get the path passed by commandline, so it is not a problem of course.
i put this in /root/bin/rsync_wrapper, my authorized_keys is like this:
command="bin/rsync_wrapper",no-pty,no-port-forwarding,no-agent-forwarding ssh-dss AAA...
probably with some from="" and so on, quite clear.
yes
this is all on the "client machine", the one which is backed up. On the server, it is important to call rsync with the "--rsync-path=" option, otherwise the $SSH_ORIGINAL_COMMAND will be "rsync --server --sender..." and not "/usr/bin/rsync --server --sender...". So you have to do (on the server) "rsync --rsync-path=/usr/bin/rsync -e ssh ..."
If you don't trust the PATH, or in which case?
exactly. In fact, when i took over administration of these machines, they were quite a mess, partially self-compiled, partially original SuSE/RedHat, and so i make sure i run the rsync that I installed. Of course they will be reinstalled ASAP ;-)
If you are really paranoid,
I'm not only asking for paranoia but also for practical experiences. I use a server poll approach on one system with a few hosts also, but manual trigger only, because not-password protected SSH keys for root are not a perfect thing.
yes, but the private key is only on the backup server. If someone gets root access to the backup server, he has all the data he needs to compromise the live machine, so i don't worry too much about the ssh-key then. :-) And he has to come from our internal network (yes, i know, a lot of attacks come from internal machines) and he can only rsync, which he does not need anymore, since the data is already on the backupserver.
The rsync --server --sender can be used to write to the system also I guess? Or just r/o?
No, AFAIK, rsync --server --sender is sent over, if you do a
  rsync -e ssh someotherhost:/path /localpath
rsync without --sender is sent, if you do a
  rsync -e ssh /localpath someotherhost:/path
But these are my observations only. To be honest, i have not looked into the code nor searched documentation about this. If somebody has better ideas, please speak up :-)

regards, Stefan
-- 
Stefan Seyfried
Senior Consultant
community4you GmbH, Chemnitz, Germany.
http://www.community4you.de
http://www.open-eis.com
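
The forced-command check discussed in this thread, as an added example in POSIX sh; it is not the Perl wrapper from the mails. It assumes the /usr/bin/rsync path used above, and it rejects a command containing characters outside a conservative set instead of stripping them. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper for authorized_keys command="bin/rsync_wrapper".
# Assumption: rsync is installed at /usr/bin/rsync, as in the thread.

ALLOWED_PREFIX='/usr/bin/rsync --server --sender '

# Return 0 only for a read-only "sender" invocation made of allowlisted chars.
rsync_cmd_allowed() {
    cmd=$1
    case $cmd in
        "$ALLOWED_PREFIX"*) ;;      # exact prefix, full path to rsync
        *) return 1 ;;
    esac
    # Delete every allowed character; anything left over is a rejection.
    # The trailing "x" keeps a trailing newline from being stripped by $( ).
    rest=$(printf '%s' "$cmd" | LC_ALL=C tr -d 'A-Za-z0-9_./ -'; printf x)
    [ "$rest" = x ]
}

wrapper_main() {
    if rsync_cmd_allowed "${SSH_ORIGINAL_COMMAND-}"; then
        set -f                       # no globbing while the string is split
        # Split on whitespace only; the string is never handed to a shell.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rsync_wrapper: command rejected" >&2
    return 1
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asks for a command.
if [ -n "${SSH_ORIGINAL_COMMAND-}" ]; then
    wrapper_main || exit 1
fi
```

The backup server still has to pass --rsync-path=/usr/bin/rsync, otherwise the prefix check fails on the bare "rsync --server --sender ..." form.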