
Re: Re: Backups between servers



Also, if someone has access as root on the 'from' machine, they can just use rsync to replace the validate_rsync script or the authorized_keys with whatever they want, even if it is chmod -w, assuming they can guess where it is located -- also they can use rsync to list directories, so if it is called 'validate_rsync' it might be easy to find. Or, replace the authorized_keys file with a different one.
 
 
 
Better use chattr +i on the validate_rsync and authorized_keys and known_hosts files. Of course, someone could then replace rsync itself...
 
 
Robert
 
 
> I may have missed earlier parts of this conversation before I subscribed to this list, but one
> thing I recently discovered that helps make this even more secure is setting:
>
> PermitRootLogin forced-commands-only
>
> in /etc/ssh/sshd_config.
>
> FWIW,
> Charles

--

Thanks, I finally got around to doing this. Works very nicely and I
feel much more secure. One caveat to anyone else trying this: in
authorized_keys, the space after the comma separating the optional
command parameter and the actual key is required!

Again, thanks for all the help. Works very nicely.

Rod




On Tue, Feb 08, 2005 at 08:57:18PM -0600, Rod Rodolico wrote:

I have three web servers and would like them to back each other up.
They host around 60 sites and a couple of hundred e-mail accounts.
They are on the same subnet.

In the past I have allowed root on one machine to ssh into the
others as "authorized keys" so I could run rsync as a cron job. It
works, but I'm worried about security. If the "master" machine is
ever cracked, it gives a good loophole into the others.

Any suggestions? Is there a way to authorize a machine to only
execute a limited set of commands on another (i.e., rsync)?

Take a look at: http://lts2www.epfl.ch/~jost/rsync.html

In short - you can set up ssh to allow running only rsync:
Add to your /root/.ssh/authorized_keys something like this (or
better - have only such lines in this file):

command="/root/bin/validate_rsync", ssh-dss PUBLIC_KEY localuser@localhost

Where validate_rsync is like:
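#!/bin/sh
# Forced command for the backup key: sshd puts the command the client
# asked for in SSH_ORIGINAL_COMMAND.

case "$SSH_ORIGINAL_COMMAND" in
    *\&*)
        # Reject anything containing '&'
        echo "Rejected"
        ;;
    *\;*)
        # Reject anything containing ';'
        echo "Rejected"
        ;;
    rsync\ --server\ -vlogDtprz\ --delete\ .\ /backup_directory*)
        # The expected rsync server invocation: run it as requested
        $SSH_ORIGINAL_COMMAND
        ;;
    *)
        # Everything else is refused
        echo "Rejected"
        ;;
esac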

Regards,
 Robert Tasarz
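
A stricter variant of the validate_rsync forced-command wrapper discussed in this thread, as an added example that is not part of any poster's message: it accepts /backup_directory or a path below it rather than anything matching the /backup_directory* prefix, refuses ".." and characters outside a small set, and exits non-zero on rejection. The option string and /backup_directory come from the script above; the function names and the logger call are assumptions.

```shell
#!/bin/sh
# Added example: stricter forced-command validator (not from the thread).
# ALLOWED_PREFIX and BACKUP_ROOT reuse the values in the thread's script;
# the function names and the logger call are assumptions.
ALLOWED_PREFIX='rsync --server -vlogDtprz --delete . '
BACKUP_ROOT='/backup_directory'

# Return 0 only for the expected rsync server call whose destination
# is BACKUP_ROOT itself or a path below it.
validate_rsync_command() {
    cmd=$1
    case "$cmd" in
        "$ALLOWED_PREFIX"*) ;;            # fixed option string must match
        *) return 1 ;;
    esac
    dest=${cmd#"$ALLOWED_PREFIX"}
    case "$dest" in
        *[!A-Za-z0-9_./-]*) return 1 ;;   # no spaces, globs, metacharacters
        *..*) return 1 ;;                 # no ".." anywhere (conservative)
    esac
    case "$dest" in
        "$BACKUP_ROOT"|"$BACKUP_ROOT"/*) return 0 ;;
        *) return 1 ;;                    # e.g. /backup_directory_other
    esac
}

# Entry point when installed as the command="..." target.
run_forced_command() {
    if validate_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        # Unquoted on purpose: split into arguments. The character
        # whitelist above has already excluded glob characters.
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -t validate_rsync -p auth.warning \
        "rejected: $SSH_ORIGINAL_COMMAND" 2>/dev/null
    echo "Rejected" >&2
    exit 1
}

# sshd sets SSH_ORIGINAL_COMMAND only when the client requested a
# command; without it nothing is executed.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    run_forced_command
fi
```

Pair it with the other per-key restrictions OpenSSH accepts in authorized_keys (no-pty, no-port-forwarding, no-agent-forwarding, no-X11-forwarding) so the key can do nothing but run this script.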

