- he installs a sniffer or uses another method to get access to your
duplicity backup host
- he deletes your whole home folder
- he deletes your backups from your backup host
Is anybody dealing with this situation right now? How?
Sorry to hear you're having problems.
Luckily, I don't have this problem. But better be safe than sorry. :)
Thank you very much for your feedback. I observe that there are two
solutions:
1) Also store backup off-site.
2) Backup-host initiated backup.
I would like to add another idea and know what you're thinking about it.
Everything duplicity needs for "normal" backup operations is to list
files, read files and create new (non-existing) files. So I thought
about creating a restricted SFTP server, which would allow exactly these
three operations. Then an evil attacker could not compromise backups.
A user who has an SSH account on a backup host would use two keys:
a) not-password-protected, restricted to SFTP
b) password-protected, restricted to backup maintenance, which he
should actually *never* use
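
The restricted-SFTP idea from the message above, sketched as request-filter logic; this is an added example, not code from the thread, duplicity or OpenSSH. The function names, the `handle_created` parameter and the sample session are assumptions made for illustration; the open flags are the SSH_FXP_OPEN pflags of the SFTP v3 draft.

```python
# Added illustration (not from the thread): allow only list, read and create-new.
# Open flags are the SSH_FXP_OPEN pflags from the SFTP v3 draft.
FXF_READ, FXF_WRITE, FXF_APPEND = 0x01, 0x02, 0x04
FXF_CREAT, FXF_TRUNC, FXF_EXCL = 0x08, 0x10, 0x20

# Requests that only list or inspect files.
READ_ONLY = {"opendir", "readdir", "stat", "lstat", "fstat", "realpath", "read", "close"}


def is_allowed(request, pflags=0, handle_created=False):
    """Decide whether the unattended backup key may issue this SFTP request.

    handle_created: for "write", True only if the server itself created the
    file behind this handle via an exclusive-create open.
    """
    if request in READ_ONLY:
        return True
    if request == "open":
        if not pflags & (FXF_WRITE | FXF_APPEND | FXF_CREAT | FXF_TRUNC):
            return bool(pflags & FXF_READ)  # plain read of an existing file
        # Writing is allowed only as exclusive create: EXCL makes the open
        # fail if the name exists, so an old backup volume cannot be replaced.
        needed = FXF_WRITE | FXF_CREAT | FXF_EXCL
        return (pflags & needed) == needed and not (pflags & FXF_APPEND)
    if request == "write":
        return handle_created
    # remove, rmdir, rename, setstat, fsetstat, mkdir, symlink, ...: default deny
    return False


def audit(session):
    """Return the (request, pflags, handle_created) entries that get refused."""
    return [entry for entry in session if not is_allowed(*entry)]


# Constructed sample session: a normal upload followed by destructive requests.
SAMPLE_SESSION = [
    ("opendir", 0, False),
    ("open", FXF_READ, False),
    ("open", FXF_WRITE | FXF_CREAT | FXF_EXCL, False),
    ("write", 0, True),
    ("open", FXF_WRITE | FXF_CREAT | FXF_TRUNC, False),  # overwrite attempt
    ("write", 0, False),
    ("remove", 0, False),
    ("rename", 0, False),
]

if __name__ == "__main__":
    for refused in audit(SAMPLE_SESSION):
        print("refused:", refused)
```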