[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh and root logins



This one time, at band camp, Stephen Gran said:
> This one time, at band camp, Bernard Blackham said:
> > This lets the backup key *only* run rsync in server mode. I
> > /believe/ this means that (short of finding a buffer overflow in
> > rsync) logins with this ssh key will only be able to read files, and
> > not be able to change anything. Though if anybody can find any flaws
> > in this scheme, I'd like to know :)
> 
> As is kind of obvious, if I can compromise that key, I can do
> rsync -e ssh --delete /some/empty/dir root@yourhost:/
> or something, which isn't very nice :)

Err, disregard - I just now noticed the --server _--sender_ part of it -
no you should be fine, since that only allows pull jobs.

Sorry about that,
-- 
 -----------------------------------------------------------------
|   ,''`.					     Stephen Gran |
|  : :' :					 sgran@debian.org |
|  `. `'			Debian user, admin, and developer |
|    `-					    http://www.debian.org |
 -----------------------------------------------------------------

Attachment: pgpIsCSOUyFKZ.pgp
Description: PGP signature


Reply to: