Great hints here, I especially liked the idea of hardening sshd_config and the .ssh/authorized_keys file.

> Unless you lose the private key, this is secure. But double-check that
> root can log in *only* using the key
> (set
> PermitRootLogin without-password
> or even
> PermitRootLogin forced-commands-only
> in sshd_config...

Although I'm using rdiff-backup now, I was a little bit dishonest about the question. I'm considering using rsync to back up my / filesystems, and perhaps using rdiff for data files only. So in testing rsync, the permissions/ownership issue is a bit different; they aren't stored separately on the server.

I tried using sudo, but couldn't get this to work. I.e., I have a special ordinary user, "bak", and set sudoers to allow bak to run rsync and ssh. Probably doing something wrong, but I'm not really liking that approach.

Lots of good suggestions here.

_______________________________________________
rdiff-backup-users mailing list at [email protected]
http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
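
Added example, not part of the original message or of rdiff-backup: a static check of sshd_config text for the "root only by key" condition quoted above. The function names and sample configs are constructed for illustration; the `default` value assumes a recent OpenSSH (older releases defaulted to `yes`), and `Include` files are not followed.

```python
import re

# Values that rule out password login for root ("no" blocks root entirely).
NO_PASSWORD = {"without-password", "prohibit-password",
               "forced-commands-only", "no"}

def root_login_settings(config_text, default="prohibit-password"):
    """Return (global_value, match_overrides) for PermitRootLogin.

    sshd keeps the first value it obtains for a keyword and treats keywords
    case-insensitively; lines after a Match line apply only conditionally,
    so they are collected separately as (criteria, value) pairs.
    """
    global_value, overrides, match = None, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            match = value
        elif keyword == "permitrootlogin":
            if match is not None:
                overrides.append((match, value.lower()))
            elif global_value is None:      # a later duplicate is ignored
                global_value = value.lower()
    return (global_value or default), overrides

def root_password_login_blocked(config_text):
    """True only if neither the global value nor any Match block allows it."""
    value, overrides = root_login_settings(config_text)
    return value in NO_PASSWORD and all(v in NO_PASSWORD for _, v in overrides)

# Constructed sample: the global line is fine, but a Match block reopens
# password login for root from one address range.
SAMPLE_WEAK = """\
PermitRootLogin without-password
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

# Constructed sample: key login for root, and only with a forced command.
SAMPLE_OK = """\
# backup server
permitrootlogin forced-commands-only
PasswordAuthentication no
"""
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check.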
