[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Secure setup

From: Mathias de Riese
Subject: Re: [Duplicity-talk] Secure setup
Date: Thu, 16 Dec 2004 10:46:48 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913

Thomas Tempé (Johnix) wrote:

Should I set up a chrooted sshd on a non-standard port, with a
different /etc/passwd?

Should I create an account and mess with Pam so that the given user
cannot do anything else than use SCP?
I did something similar, but not with PAM: I set up a user with a special
script as shell. I wont publish it, but it basically checks, wether it is called
with parameters
"-c scp -f /dir/where/the/backup/should/go"
"-c scp -t /dir/where/the/backup/should/go"
"-c ls /dir/where/the/backup/should/go"

In my case the client is not really untrusted. However, it uses an unprotected ssh key
to perform a daily backup via cron.

I am not at all shure, wether my method is really secure. Just an idea.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]