[WBEL-users] ssh, root, and remote backups
A Streetcar Named
desire@gmail.com
Fri, 13 Aug 2004 21:07:32 +0800
On Thu, 12 Aug 2004 21:28:38 -0600, James Knowles
<jamesk@ifm-services.com> wrote:
> All of this ssh talk spurs a question for me... we have remote boxes to
> administer, which we also do backups via rsync over ssh.
>
> Now in theory one should not allow logins directly to root. In practice
> I've not figured out a way to do automated backups without logging in
> directly as root.
Perhaps if your backup program/script can be made safe, you can ssh in
as a specially created "backup operator" user, grant the user sudo
access to the backup program/script, and perhaps even enforce in
~/.ssh/authorized_keys that the backup operator is only authorised to
run that backup program non-interactively and nothing more.