Mailinglist Archive: opensuse-security (394 mails)

< Previous Next >
Re: [suse-security] Secure Backup
  • From: Lars Ellenberg <l.g.e@xxxxxx>
  • Date: Thu, 4 Dec 2003 19:17:59 +0100
  • Message-id: <0Uamj02UJBSkXA5oSOMbkog=lge@xxxxxx>


if you really need the permissions etc.,
run on the target as root,
log in unpriviledged on the source.
on the source, you can even have a "forced command"
configured for your ssh key.
in case you for some reason really want to run as root on the
source box, too, forced command is your best friend, since
then the "attacker" only has access to the files, which he
obviously has already anyways (at least to their most recent
backup).

man sshd
.ssh/authorized_keys2 file format
command='...'

Lars Ellenberg

< Previous Next >
References