Just trying to harden security. My concern is if someone had physical access to backuppc server they could easily logon as backuppc user by resetting the password and therefore gain access to the ssh keys. Now I see it is possible to put the ssh keys in an encrypted private directory (See EncryptedPrivateDirectory - Community Help Wiki). This would mean that even if someone could reset the password and logon as backuppc they wouldn't have access to the keys.
Has anyone done this or would recommend this way or got any other suggestions?
Please refer to EncryptedFilesystems for further documentation. See EncryptedHome for details of encrypting your whole home directory rather than a sub-directory as described here.