mixed system backups
Sam Couter
sam at topic.com.au
Fri Jan 4 10:29:43 EST 2002
David Blackman <david at prometheus.com.au> wrote:
>
> Running with RSA or DSA keys as root is better than nothing, but it does
> mean that if someone cracks the machine doing the backup they crack all
> the machines being backed up as well, unless you are prepared to sit
> there typing pass-phrases as the backup script runs. Hope your firewall
> is good, and maybe you need a second one for just the backup machine.
Using SSH keys has one *HUGE* advantage over RSH, and that is forced
commands. You can dedicate a passphraseless key to doing backups, and on
each machine you want to backup, you add they key to authorized_keys
with a forced command of whatever starts sending backup data.
--
Sam Couter | Internet Engineer | http://www.topic.com.au/
sam at topic.com.au | tSA Consulting |
OpenPGP key ID: DE89C75C, available on key servers
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20020104/e0acbdec/attachment.bin
More information about the linux
mailing list