On 3/18/2011 6:57 AM, Neal Becker wrote:
> Neal Becker wrote:
>
>> I'm interested in setting up linux->linux backup.  I don't like the idea of
>> giving permission for machine1 as user backup to ssh to machine2 as root.
>> What are the options?
>>
>> 1. Can ssh be restricted so that the only command user backup can run is
>> rsync? 2. Is there an easy way (using acls?) to give a user backup read 
>> access
>> to everything (probably not)
>> 3. Some other options I haven't thought of?
>>
>>
>
> Maybe I can use the command=rsync option to the client's authorized_keys file?

You can, but keep in mind that your security still depends very much on 
the security of the backup host.  If you permit write access it can 
replace any files on the targets, and even without, it is likely to have 
copies of private keys in the backups and encrypted passwords that can 
be cracked with offline access.

-- 
   Les Mikesell
    lesmikesell AT gmail DOT com

------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/