Re: Backups between servers
On Tue, Feb 08, 2005 at 08:57:18PM -0600, Rod Rodolico wrote:
> I have three web servers and would like them to back each other up.
> They host around 60 sites and a couple of hundred e-mail accounts.
> They are on the same subnet.
>
> In the past I have allowed root on one machine to ssh into the
> others as "authorized keys" so I could run rsync as a cron job. It
> works, but I'm worried about security. If the "master" machine is
> ever cracked, it gives a good loophole into the others.
>
> Any suggestions? Is there a way to authorize a machine to only
> execute a limited set of commands on another (ie, rsync).
Take a look at:
http://lts2www.epfl.ch/~jost/rsync.html
In short - you can set up ssh to allow running only rsync:
Add to your /root/.ssh/authorized_keys something like this (or better - have
only such lines in this file):
    command="/root/bin/validate_rsync" ssh-dss PUBLIC_KEY localuser@localhost
Where validate_rsync is like:
    #!/bin/sh
    case "$SSH_ORIGINAL_COMMAND" in
        *\&*)
            echo "Rejected"
            ;;
        *\;*)
            echo "Rejected"
            ;;
        rsync\ --server\ -vlogDtprz\ --delete\ .\ /backup_directory*)
            $SSH_ORIGINAL_COMMAND
            ;;
        *)
            echo "Rejected"
            ;;
    esac
Regards,
Robert Tasarz
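
Added example (not part of Robert's message or the linked page): a stricter validator for the same forced-command setup. The trailing * in the pattern above also accepts destinations such as /backup_directory/../etc or /backup_directory_other, so this version pins the destination under the backup root. The rsync flags and /backup_directory are taken from the message; validate_cmd, main and the syslog tag are names assumed here.

```shell
#!/bin/sh
# Added example: stricter forced-command validator for rsync-over-ssh backups.
# Suggested authorized_keys entry (PUBLIC_KEY is a placeholder):
#   command="/root/bin/validate_rsync",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-dss PUBLIC_KEY

BACKUP_ROOT="/backup_directory"                  # from the message above
PREFIX="rsync --server -vlogDtprz --delete . "   # exact invocation the client sends (assumed)

# validate_cmd CMD: return 0 only for the expected rsync receive into BACKUP_ROOT.
validate_cmd() {
    cmd=$1
    case "$cmd" in
        "$PREFIX"*) ;;                    # must begin with the exact expected command
        *) return 1 ;;
    esac
    dest=${cmd#"$PREFIX"}
    case "$dest" in
        *[!A-Za-z0-9_./-]*) return 1 ;;   # whitelist: no spaces, globs or shell metacharacters
        */../*|*/..) return 1 ;;          # no ".." component that climbs out of the root
    esac
    case "$dest" in
        "$BACKUP_ROOT"|"$BACKUP_ROOT"/*) return 0 ;;   # the root itself or a path below it
    esac
    return 1                              # e.g. /backup_directory_other
}

main() {
    if validate_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f                            # belt and braces: no globbing on the split below
        # The whitelist guarantees a single destination word, so splitting is safe here.
        exec $SSH_ORIGINAL_COMMAND
    fi
    # Leave a trace for whoever reviews auth logs, then refuse.
    logger -t validate_rsync -p auth.warning "rejected: $SSH_ORIGINAL_COMMAND"
    echo "Rejected" >&2
    exit 1
}

# sshd sets SSH_ORIGINAL_COMMAND only when the client asked for a command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    main
fi
```

A plain login with this key runs the script with no original command, so it exits without starting a shell.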