Why don't you just have in your sshd config PermitRootLogin without-password
and have a public key of your client in the /root/.ssh/authorized_hosts on the server. I don't think the restrict-update is very secure anyway, but this works well.

On Wednesday 02/04/2009 Chris G ([email protected]) wrote:

> I'm using rdiff-backup to back up files across a LAN. The destination
> machine has a dedicated backup account which has passwordless ssh
> login set up for client machines that want to do backups.
>
> To make things a bit more secure I have added the following to my
> sshd_config on the destination/backup machine:-
>
>     Match User=bak
>         ForceCommand rdiff-backup --server
>
> So far so good. I can back up as required but it's not possible to
> log in to the bak account using ssh. I'd like to lock it down a bit
> further by using the --restrict-update-only option so that if an
> intruder did gain access to a client machine they wouldn't be able to
> remove anything useful from the backups by deleting or overwriting.
>
> However I'm not quite clear how --restrict-update-only works, can I
> just do something like:-
>
>     Match User=bak
>         ForceCommand rdiff-backup --server --restrict-update-only /
>
> and thus prevent anything other than updates for *all* backups?
>
> --
> Chris Green
>
>
> _______________________________________________
> rdiff-backup-users mailing list at [email protected]
> http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
> Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki

--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?

John Covici
[email protected]
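
An added example, not part of the thread and not rdiff-backup or OpenSSH code: a small Python audit that reads sshd_config text, finds the Match blocks whose ForceCommand runs rdiff-backup --server, and reports which --restrict* option and path, if any, each one carries. The sample config and the account name bak2 are constructed, and treating any option that starts with --restrict as a restriction is an assumption.

```python
import re
import shlex

# Constructed sample: the two ForceCommand variants quoted in the thread,
# given to two accounts ("bak2" is hypothetical) so both are audited at once.
SAMPLE = """\
PermitRootLogin without-password
Match User=bak
    ForceCommand rdiff-backup --server
Match User bak2
    ForceCommand rdiff-backup --server --restrict-update-only /
"""

def parse_blocks(text):
    """Split sshd_config text into (match_criteria, {keyword: value}) blocks.
    The global section has criteria None; keywords are lower-cased."""
    blocks = [(None, {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept both "Keyword value" and "Keyword=value".
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            # Normalise "User=bak" and "User bak" to the same criteria string.
            blocks.append((" ".join(value.replace("=", " ").split()), {}))
        else:
            blocks[-1][1].setdefault(key, value)  # sshd uses the first value seen
    return blocks

def audit(text):
    """Return (criteria, restrict_option, path) for each block that forces
    rdiff-backup --server; option and path are None when no restriction is set."""
    findings = []
    for criteria, opts in parse_blocks(text):
        argv = shlex.split(opts.get("forcecommand", ""))
        if not argv or not argv[0].endswith("rdiff-backup") or "--server" not in argv:
            continue
        # A --restrict* option counts only when a path argument follows it.
        hits = [(a, argv[i + 1]) for i, a in enumerate(argv[:-1])
                if a.startswith("--restrict")]
        findings.append((criteria, *(hits[0] if hits else (None, None))))
    return findings

if __name__ == "__main__":
    for criteria, option, path in audit(SAMPLE):
        print(f"{criteria}: {option or 'no --restrict option'} {path or ''}".rstrip())
```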
