[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh and root logins

On Tue, Aug 10, 2004 at 09:31:38AM -0400, Dale E Martin wrote:
> > PermitRootLogin no
> > 
> > You will have to login as ordinary user, and than do "su -".
> That's not so convenient for doing nightly rsync backups over ssh though.
> I know what keys to expect coming in for this - hence the question about
> disallowing password login for root, but still allowing root login with
> known keys.

PermitRootLogin without-password

lets you use ssh keys to login as root, but not passwords.

If you have an ssh key lying about without a passphrase, who's sole
purpose is for backups, you may want to do the following in your
authorized_keys file (all on one line):

from="",command="/usr/local/sbin/ssh_command_allow_rsync",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA.<insert actual key here>....== backup_key

where is the IP that backups will be originating from.

The script /usr/local/sbin/ssh_command_allow_rsync is something like:


# When used as the 'command' option in an authorized_keys file, this script
# permits only rsync backups to occur.

    rsync\ --server\ --sender\ *)
        logger -p auth.notice "rsync/ssh backup: $SSH_ORIGINAL_COMMAND"
        logger -p auth.alert "unexpected use of backup key: $SSH_ORIGINAL_COMMAND"

echo "Sorry, that command is not allowed." 1>&2
exit 1

This lets the backup key *only* run rsync in server mode. I
/believe/ this means that (short of finding a buffer overflow in
rsync) logins with this ssh key will only be able to read files, and
not be able to change anything. Though if anybody can find any flaws
in this scheme, I'd like to know :)


 Bernard Blackham <bernard at blackham dot com dot au>

Reply to: