How to manage root<-->root rsync keeping permissions?

raf rsync at raf.org
Sat Aug 7 15:14:22 UTC 2021 

On Sat, Aug 07, 2021 at 11:44:34AM +0100, Chris Green via rsync <rsync at lists.samba.org> wrote:

> L A Walsh via rsync <rsync at lists.samba.org> wrote:
> > On 2021/08/03 07:09, Chris Green via rsync wrote:
> > > I already have an rsync daemon server running elsewhere, I can add
> > > this requirement to that I think.  Thank you.
> > >   
> > ----
> > 
> > It seems to me, a safer bet would be to generate an ssh-cert
> > that allows a passwdless login from your sys to the remote.
> > 
> The trouble with that is that it leaves a big security hole.
> 
> If (for example) I leave my laptop turned on somewhere, or someone
> wanders into my study where my desktop machine is they have instant,
> passwordless access to the remote backup machine.
> I try very hard to make my backups secure from attack so that if my
> desktop or laptop is compromised somehow the (remote) backups are
> still secure.

You can use my sshdo program (https://github.com/raforg/sshdo)
to solve this problem. It limits the commands that a
key is allowed to execute to just those commands that
it has been trained on and nothing else. It makes it OK
to have an unencrypted ssh key used for automated or
scripted actions such as backups. The key can only be
used to execute the exact commands that you need it to.

It works by allowing everything during a brief learning
period, and then you tell it to add the commands that
have been encountered to its policy and disallow
anything else. You can also periodically unlearn or
relearn as needed. It does all the heavy lifting. You
just have to examine what it's seeing, and decide if it
should be added to the policy.

> The backup system that runs the rsync daemon has its rsync configured
> with 'refuse options = delete' so not only does someone with access to
> my desktop/laptop need to know the rsyncd username and password but
> they also cannot delete my existing backups.  It runs incremental
> backups so nothing is ever overwritten either.
> 
> -- 
> Chris Green

cheers,
raf

More information about the rsync mailing list