[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [rdiff-backup-users] Security problem with rdiff over ssh?
From: |
Aneurin Price |
Subject: |
Re: [rdiff-backup-users] Security problem with rdiff over ssh? |
Date: |
Fri, 28 May 2010 00:23:49 +0100 |
On Thu, May 27, 2010 at 23:00, feffer
<address@hidden> wrote:
>
> I'm running rdiff-backup over ssh with an unattended cron script using an ssh
> key-pair proceedure described here
> (http://arctic.org/~dean/rdiff-backup/unattended.html). My script works fine,
> but I'm wondering about security. It is generally considered a bad idea to
> allow root login to ssh, but I cannot preserve ownership and permissions if I
> disallow root login.
>
> Is this really a problem since my machines are behind a router on my LAN? The
> ssh key-pairs are not password protected, but isn't the only real security
> threat losing the private key?
>
> Is there a way to lock this down a bit more while still enabling unattended
> backups?
>
Do you really need the permissions on the server to be set correctly,
rather than simply when you restore? If not, I thought rdiff-backup
could save and restore permissions separately from the files in
question, allowing you to record them without needing to be root.
Alternatively you could use metastore
(http://david.hardeman.nu/software.php) which can save file metadata
to a file, allowing you to restore it at a later date.
Both of these still require root privileges on the client machine when
backing up (unless everything is world-readable) and when restoring in
order to reset the permissions, but not on the destination machine.
Nye