[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remote backup using GNU tar doesn't work

From: Colin S. Miller
Subject: Re: Remote backup using GNU tar doesn't work
Date: Tue, 11 Apr 2006 20:43:27 +0100
User-agent: Debian Thunderbird 1.0.2 (X11/20051002)

Saurabh Barve wrote:
Colin S. Miller wrote:

It looks like you have set up a ssh keypair (ssh-keygen).
If you set the key's password to the empty string,
you won't be prompted for a password.

Yes. That is correct; that is what I have done. I think the empty passphrase is too much of a risk.

If this is too much for a security risk, you can set up a
'tar' user on the remote machine, and use sudo to run tar.
You then set up a passwordless keypair for the 'tar' user.

Hmmm. I'll try doing that. Is there more documentation on this somewhere? I want to be able to back up all my file systems. A normal user won't have all the permissions on them. Plus, how could I prevent this account from being exploited due to its passwordless nature?



First of all,
is the prompted password for
1) the outer shh, into machine B

for the ssh session tar creates to access the tape
on machine A?

In the case of (1),
then sudo is probably the way to proceed.
man 8 sudo
man 5 sudoers

in the case of (2)
create an new account on machine 'A', called 'tape'.
Make it a member of the 'tape' group, and add full
control of /dev/nst0 to this group.

tar should be able to use the group by using
tar -b 512 --rsh-command=/usr/bin/ssh -tvf tape@System A:/dev/nst0

As for ssh security, the key password is used to protect the key;
Unless someone gets a hold of the key they can't log in by using the key's
I can't see any way in man 5 ssh_config to restrict the command the ssh runs
when the user logs in.

Colin S. Miller

Replace the obvious in my email address with the first three letters of the 
hostname to reply.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]