
Re: [rdiff-backup-users] Security problem with rdiff over ssh?

From: Aneurin Price
Subject: Re: [rdiff-backup-users] Security problem with rdiff over ssh?
Date: Fri, 28 May 2010 00:23:49 +0100

On Thu, May 27, 2010 at 23:00, feffer
<address@hidden> wrote:
> I'm running rdiff-backup over ssh with an unattended cron script using an ssh 
> key-pair procedure described here 
> (http://arctic.org/~dean/rdiff-backup/unattended.html). My script works fine, 
> but I'm wondering about security. It is generally considered a bad idea to 
> allow root login to ssh, but I cannot preserve ownership and permissions if I 
> disallow root login.
> Is this really a problem since my machines are behind a router on my LAN? The 
> ssh key-pairs are not password protected, but isn't the only real security 
> threat losing the private key?
> Is there a way to lock this down a bit more while still enabling unattended 
> backups?

Do you really need the permissions on the server to be set correctly,
rather than simply when you restore? If not, I thought rdiff-backup
could save and restore permissions separately from the files in
question, allowing you to record them without needing to be root.
Alternatively you could use metastore
(http://david.hardeman.nu/software.php) which can save file metadata
to a file, allowing you to restore it at a later date.

Both of these still require root privileges on the client machine when
backing up (unless everything is world-readable) and when restoring in
order to reset the permissions, but not on the destination machine.
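
The idea described above, keeping ownership and mode in a separate record so the backup side never needs root, shown as an added example that is not part of the original message and is not rdiff-backup's or metastore's own code. The function names and the JSON manifest format are assumptions made for illustration; the sample file in `demo()` is constructed.

```python
import json, os, stat, tempfile

def record_metadata(root):
    """Record mode/uid/gid for everything under root; lstat needs no root privileges."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            manifest[os.path.relpath(full, root)] = {
                "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
    return manifest

def restore_metadata(root, manifest):
    """Reapply recorded metadata; return paths whose ownership could not be reset."""
    skipped = []
    for rel, meta in manifest.items():
        norm = os.path.normpath(rel)
        # A manifest kept on the backup host is untrusted input: refuse paths leaving root.
        if os.path.isabs(norm) or norm.split(os.sep)[0] == "..":
            raise ValueError("manifest path escapes restore root: %r" % rel)
        full = os.path.join(root, norm)
        if not os.path.lexists(full) or os.path.islink(full):
            continue  # missing, or a symlink (chmod would follow it to the target)
        st = os.lstat(full)
        if (st.st_uid, st.st_gid) != (meta["uid"], meta["gid"]):
            try:
                os.chown(full, meta["uid"], meta["gid"])  # normally needs root
            except PermissionError:
                skipped.append(rel)
        # chmod after chown: chown clears setuid/setgid bits on regular files.
        os.chmod(full, meta["mode"])
    return skipped

def demo():
    """Constructed round trip: record, lose the mode as a non-root copy might, restore."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "secret.conf")
        open(path, "w").close()
        os.chmod(path, 0o640)
        manifest = json.loads(json.dumps(record_metadata(root)))  # as stored on disk
        os.chmod(path, 0o600)  # simulated: original mode lost on the backup side
        skipped = restore_metadata(root, manifest)
        return stat.S_IMODE(os.lstat(path).st_mode), skipped
```

Ownership entries that come back in the skipped list are the part of a restore that still needs root on the client, as the message notes.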

