mixed system backups

Sam Couter sam at topic.com.au
Fri Jan 4 10:29:43 EST 2002

David Blackman <david at prometheus.com.au> wrote:
> Running with RSA or DSA keys as root is better than nothing, but it does
> mean that if someone cracks the machine doing the backup they crack all
> the machines being backed up as well, unless you are prepared to sit
> there typing pass-phrases as the backup script runs. Hope your firewall
> is good, and maybe you need a second one for just the backup machine.

Using SSH keys has one *HUGE* advantage over RSH, and that is forced
commands. You can dedicate a passphraseless key to doing backups, and on
each machine you want to backup, you add they key to authorized_keys
with a forced command of whatever starts sending backup data.
Sam Couter          |   Internet Engineer   |   http://www.topic.com.au/
sam at topic.com.au    |   tSA Consulting      |
OpenPGP key ID:       DE89C75C,  available on key servers
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20020104/e0acbdec/attachment.bin

More information about the linux mailing list