[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] Post-setup questions

From: Dominic Raferd
Subject: Re: [rdiff-backup-users] Post-setup questions
Date: Fri, 19 Aug 2011 06:47:52 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20110617 Thunderbird/3.1.11

On 18/08/11 22:47, Grant wrote:

And, looking at the whole subject from a different angle: pushing also has
the large drawback that in case your laptop is stolen/lost/whatever, and you
use an ssh key for rdiff-backup to connect to your backup server, you risk
not only losing your 'real' systems, but the backup server can also be
compromised it an attacker starts using that key.
If I were to set up a separate user for each pushed backup and one of
the systems were compromised, only the compromised system's backups
would be accessible to the attacker (read/write unfortunately).

Practically this seems to me a pretty good solution. Push your backup from your laptop to a dedicated user on the (GNU/Linux) backup server, ensuring that its users cannot access (read or write) other users' data:

To ensure privacy for any new users on the backup server, in /etc/adduser.conf add/alter:

For existing users on the backup server, run:
sudo chmod 700 /home/*

When you create a user on the backup server, don't set a password i.e. login is only by public/private key authentication. Use a dedicated private key on the laptop for the backup, and put its public key on the backup server at (and only at) /home/[user]/.ssh/authorized_keys.

You need to be happy that there is nothing readable (or writeable) by a non-privileged user on the backup server that you would not want a hacker to see e.g. at /var/ or /opt/. For tighter security on the backup server you can limit the user to running a single command e.g. http://www.cmdln.org/2008/02/11/restricting-ssh-commands/.

If the laptop is stolen, remove the corresponding public key from the backup server so that the laptop can no longer get access. And even if the thief moved fast enough to get into the backup server before you could remove the public key, she could only access the backup history for that laptop, and she has the laptop's data already...


reply via email to

[Prev in Thread] Current Thread [Next in Thread]