Re: [rdiff-backup-users] Security problem with rdiff over ssh?

[Marian 'VooDooMan' Meravy]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

I see solution in creating user "backup" a use POSIX ACL for allowing
this user to read files being backed up. If you are backing up "/"
mountpoint (and have /home, /var, /tmp, etc. on separate partitions/file
systems) then this is indeed a bad idea to enable ACL on root file system.

Another solution would be to use sudo.

Best,
VooDooMan
.

On 28. 5. 2010 0:00, feffer wrote:
> I'm running rdiff-backup over ssh with an unattended cron script using an ssh 
> key-pair proceedure described here 
> (http://arctic.org/~dean/rdiff-backup/unattended.html). My script works fine, 
> but I'm wondering about security. It is generally considered a bad idea to 
> allow root login to ssh, but I cannot preserve ownership and permissions if I 
> disallow root login. 
> 
> Is this really a problem since my machines are behind a router on my LAN? The 
> ssh key-pairs are not password protected, but isn't the only real security 
> threat losing the private key? 
> 
> Is there a way to lock this down a bit more while still enabling unattended 
> backups? 
> 
> thx,
> feffer
> 
> +----------------------------------------------------------------------
> |This was sent by address@hidden via Backup Central.
> |Forward SPAM to address@hidden
> +----------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> rdiff-backup-users mailing list at address@hidden
> http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
> Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkv+/jUACgkQ1b4D/nruUWdkYgCghQpKfgmK5H59I/1SF2j2vjt5
yIoAoKebtEEvHBfzoQxCXQhvXTOkUsKg
=+4LD
-----END PGP SIGNATURE-----