On Tue, Feb 08, 2005 at 08:57:18PM -0600, Rod Rodolico wrote:
I have three web servers and would like them to back each other
up.
They host around 60 sites and a couple of hundred e-mail accounts.
They are on the same subnet.
In the past I have allowed root on one machine to ssh into the
others as "authorized keys" so I could run rsync as a cron job. It
works, but I'm worried about security. If the "master" machine is
ever cracked, it gives a good loophole into the others.
Any suggestions? Is there a way to authorize a machine to only
execute a limited set of commands on another (ie, rsync).
Take a look at:
http://lts2www.epfl.ch/~jost/rsync.html
In short - you can setup ssh to allow running only rsync:
Add to your /root/.ssh/authorized_keys something like that (or
better - have
only such lines in this file):
command="/root/bin/validate_rsync", ssh-dss PUBLIC_KEY
localuser@localhost
Where validate_rsync is like:
#!/bin/sh
case "$SSH_ORIGINAL_COMMAND" in
*\&*)
echo "Rejected"
;;
*\;*)
echo "Rejected"
;;
rsync\ --server\ -vlogDtprz\ --delete\ .\ /backup_directory*)
$SSH_ORIGINAL_COMMAND
;;
*)
echo "Rejected"
;;
esac
Regards,
Robert Tasarz
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org