Re: [rdiff-backup-users] Security problem with rdiff over ssh?
From: Marian 'VooDooMan' Meravy
Subject: Re: [rdiff-backup-users] Security problem with rdiff over ssh?
Date: Fri, 28 May 2010 01:20:23 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
Greetings,
I see a solution in creating a user "backup" and using POSIX ACLs to allow
this user to read the files being backed up. If you are backing up the "/"
mountpoint (and have /home, /var, /tmp, etc. on separate partitions/file
systems) then it is indeed a bad idea to enable ACLs on the root file system.
Another solution would be to use sudo.
Best,
VooDooMan
On 28. 5. 2010 0:00, feffer wrote:
> I'm running rdiff-backup over ssh with an unattended cron script using an ssh
> key-pair procedure described here
> (http://arctic.org/~dean/rdiff-backup/unattended.html). My script works fine,
> but I'm wondering about security. It is generally considered a bad idea to
> allow root login to ssh, but I cannot preserve ownership and permissions if I
> disallow root login.
>
> Is this really a problem since my machines are behind a router on my LAN? The
> ssh key-pairs are not password protected, but isn't the only real security
> threat losing the private key?
>
> Is there a way to lock this down a bit more while still enabling unattended
> backups?
>
> thx,
> feffer
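The sudo alternative mentioned in the reply, sketched as an added example that is not part of the original thread or of rdiff-backup's own documentation: an unprivileged account whose SSH key can only start a read-only rdiff-backup server as root. The account name "backup" comes from the reply; the rdiff-backup path, the /etc/sudoers.d drop-in location and the file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: account "backup" and
# rdiff-backup installed at /usr/bin/rdiff-backup on the machine being backed up.
BACKUP_USER=backup
RDIFF=/usr/bin/rdiff-backup

# The single command the backup account may run as root: a read-only
# rdiff-backup server, so the key can read files but not change the source.
server_cmd() {
    printf '%s --server --restrict-read-only /' "$RDIFF"
}

# sudoers rule: no password (the cron job is unattended), exact command and
# arguments only, and no tty requirement because the key is given no pty.
sudoers_rule() {
    printf 'Defaults:%s !requiretty\n' "$BACKUP_USER"
    printf '%s ALL=(root) NOPASSWD: %s\n' "$BACKUP_USER" "$(server_cmd)"
}

# Line for ~backup/.ssh/authorized_keys; $1 is the public key.
# The forced command replaces whatever the client asks sshd to run.
authorized_keys_entry() {
    printf 'command="sudo %s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$(server_cmd)" "$1"
}

# Write the rule to $1/etc/sudoers.d/rdiff-backup ($1 empty = live system).
# The file is syntax-checked with visudo, when available, before it goes live.
install_sudoers() {
    dir="$1/etc/sudoers.d"
    mkdir -p "$dir" || return 1
    tmp=$(mktemp "$dir/.rdiff-backup.XXXXXX") || return 1
    sudoers_rule > "$tmp" && chmod 0440 "$tmp" || { rm -f "$tmp"; return 1; }
    if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"; return 1
    fi
    mv -f "$tmp" "$dir/rdiff-backup"
}
```

With this in place the backup host connects as the "backup" account, so sshd on the backed-up machine can keep `PermitRootLogin no` while file ownership and permissions are still read by root.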