[WBEL-users] ssh, root, and remote backups

Alex Tkachenko alex@ingrian.com
Fri, 13 Aug 2004 12:18:03 -0700


On Fri, 2004-08-13 at 08:54, James Knowles wrote:
> >log in via ssh ... then run your backup job with sudo
> 
> I apologise for not being very clear, or completely misunderstanding. I'm 
> good at both.
> 
> The remote machines are out in the wild outside of our firewall. From 
> within the firewall we've been doing something like:
> 
> # rsync -essh [rsync options] remotemachine:/ /path/to/remotemachine's/backups
Looks pretty secure to me...but I also have a special ssh key on the remote
root account, which is restricted to the IP of the host initiating the
backup and to the command which is produced by rsync on the remote side.
Could anyone point out security problems with this method?

Of course, if you back up /etc/passwd/shadow whatever, the backups could
be used to hack into the remote system, but this is the problem with
backup *data* protection, not with the way that data is being
obtained...

Alex
> 
> I'd prefer to not run the backup from the remote machines, as giving 
> access to the backup machine from outside the firewall seems like a bad 
> idea. I don't want a compromised box smashing backups. :-)
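
Added example, not part of the original thread or any poster's own setup: one way to build the restricted root key described above, using the OpenSSH `from=` and `command=` key options plus a forced-command wrapper that only lets rsync run in server/sender (read-only) mode. The address 192.0.2.10, the script path /usr/local/sbin/backup-only.sh, the function name and the key text are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Hypothetical authorized_keys entry for root on the remote
# machine (address, script path and key are placeholders):
#
#   from="192.0.2.10",command="/usr/local/sbin/backup-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder backup@backuphost
#
# sshd ignores whatever command the client asked for, runs this script
# instead, and passes the client's request in SSH_ORIGINAL_COMMAND.

# Return 0 only for an rsync server invocation in sender (read-only) mode.
allowed_backup_command() {
    cmd=$1
    nl='
'
    # Refuse shell metacharacters, quotes and newlines outright, so the
    # request can never be more than a plain argument list.
    case $cmd in
        *"$nl"*|*';'*|*'&'*|*'|'*|*'<'*|*'>'*|*'`'*|*'$'*|*'('*|*')'*|*'\'*|*"'"*|*'"'*)
            return 1 ;;
    esac
    # "--server --sender" means the remote rsync only reads and sends files;
    # "--server" without "--sender" would let the key write to this machine.
    case $cmd in
        "rsync --server --sender "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Only act when invoked by sshd as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_backup_command "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no filename globbing during word splitting
        exec $SSH_ORIGINAL_COMMAND   # intentionally unquoted: split into arguments
    fi
    echo "backup-only: rejected command" >&2
    exit 1
fi
```

The key can still read every file root can read, so the point about protecting the backup data itself is unchanged. The rsync distribution also ships an `rrsync` helper script intended for this kind of restriction.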