On Wed, Feb 04, 2009 at 03:33:05PM -0500, John covici wrote:
> on Wednesday 02/04/2009 Chris G([email protected]) wrote
> > On Wed, Feb 04, 2009 at 01:52:32PM -0500, John covici wrote:
> > > on Wednesday 02/04/2009 Chris G([email protected]) wrote
> > > > I'm using rdiff-backup to backup files across a LAN. The destination
> > > > machine has a dedicated backup account which has passwordless ssh
> > > > login set up for client machines that want to do backups.
> > > >
> > > > To make things a bit more secure I have added the following to my
> > > > sshd_config on the destination/backup machine:-
> > > >
> > > > Match User=bak
> > > > ForceCommand rdiff-backup --server
> > > >
> > > > So far so good. I can backup as required but it's not possible to
> > > > login to the bak account using ssh. I'd like to lock it down a bit
> > > > further by using the --restrict-update-only option so that if an
> > > > intruder did gain access to a client machine they wouldn't be able to
> > > > remove anything useful from the backups by deleting or overwriting.
> > > >
> > > > However I'm not quite clear how --restrict-update-only works, can I
> > > > just do something like:-
> > > >
> > > > Match User=bak
> > > > ForceCommand rdiff-backup --server --restrict-update-only /
> > > >
> > > > and thus prevent anything other than updates for *all* backups?
> > > >
> > >
> > > Why don't you just have in your sshd config
> > > PermitRootLogin without-password
> > >
> > > and have a public key of your client in the
> > > /root/.ssh/authorized_hosts on the server. I don't think the
> > > restrict-update is very secure anyway, but this works well.
> > >
> > That would permit exactly what I'm trying to avoid wouldn't it?
> >
> > If (heaven forbid) an intruder got root access to my machine (which is
> > the backup client) then they would have free access to the backup
> > machine as well. Thus a malicious intruder would be able to delete
> > everything on my machine *and* on the backup machine as well.
> >
> > What I'm trying to do is have a backup which isn't trivially
> > accessible from the client.
> >
> But you could do the same thing on your client so no one could ever
> log in to root unless they had a public key on your client.
> If I never turn it on it will be perfectly safe. :-)

Yes, my client (the machine to be backed up) is fairly secure. However
given that ssh access from the outside world is allowed (even if only
for non-root and from specific IPs) there is a risk that someone could
get into it and wreak havoc. What I want to do is to minimise the risk
that anyone who does that will also be able to get at my backups and
destroy them too.

--
Chris Green

_______________________________________________
rdiff-backup-users mailing list at [email protected]
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
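The lock-down discussed in this thread can be applied at the key level as well as in sshd_config, so the restriction survives even if a Match block is later edited or lost. The following is an added example (not code from the thread or from the rdiff-backup project): it builds an authorized_keys line for the backup account that pins the client's key to `rdiff-backup --server --restrict-update-only PATH` with the usual no-forwarding/no-pty options, and checks an sshd_config Match block for the same restriction. It assumes the rdiff-backup 1.x option names used in the thread; the key material and paths in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Two defender-side helpers for the
# "backup account that can only push updates" setup described above.
# Assumes rdiff-backup 1.x option spelling: --server, --restrict-update-only PATH.

# Print one authorized_keys line for PUBKEY ("ssh-rsa AAAA... comment") that
# forces rdiff-backup server mode restricted to update-only writes under ROOT
# and disables port/agent/X11 forwarding and PTY allocation for that key.
restricted_key_line() {
    pubkey=$1
    root=$2
    printf 'command="rdiff-backup --server --restrict-update-only %s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$root" "$pubkey"
}

# Read sshd_config text on stdin. Exit 0 if a "Match User <user>" block
# (accepting both "User bak" and "User=bak") carries a ForceCommand that
# runs rdiff-backup in server mode with --restrict-update-only; exit 1 otherwise.
# A later Match line starts a new block and ends the previous one.
match_block_is_update_only() {
    user=$1
    awk -v u="$user" '
        /^[ \t]*Match[ \t]/ { inblk = ($0 ~ ("User[= \t]+" u "([ \t]|$)")) }
        inblk && /^[ \t]*ForceCommand[ \t]/ && /rdiff-backup/ && /--server/ \
              && /--restrict-update-only/ { ok = 1 }
        END { exit ok ? 0 : 1 }'
}
```

Generate the line with `restricted_key_line "$(cat client.pub)" /srv/backups >> ~bak/.ssh/authorized_keys` on the backup host, and run `match_block_is_update_only bak < /etc/ssh/sshd_config` as a quick audit after editing the server config.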
