
Re: restrict a root login via ssh to read-only fs access?



Hello,

I've no direct answer to your question, but I'm using a quite similar
setup for my backup, and I tried another approach to increase security.

What you're doing is issuing the rdiff-backup command on the backup
destination machine and pulling the data from the source machine. I
found it useful to do it the other way round: I've put a cron job on the
source machine which invokes rdiff-backup to push its data to the
destination machine.

Disadvantage: the rdiff-backup --server command needs write access. Big
advantage: it only needs access to the backup directory, and not to the
whole machine.

So I can use
'ssh %s /usr/sbin/chroot /store/rdiff nice rdiff-backup --server'
as the remote schema.

Of course, you need a proper jail configuration in /store/rdiff for it
to work. I used jailtool to set this up. If you're interested, I could
provide the rdiff.jail config file for it.

Greets,
  Claus

-- 
CHECON   EDV-Consulting und Redaktion
         Claus Herwig * Barer Straße 70 * 80799 München
         +49 89 27826981 * Fax 27826982 * c.herwig@checon.de
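
The push setup described in the message above, sketched as a cron script for the source machine; this is an added example, not the poster's script or his jailtool configuration. It goes one step beyond the post by also generating an OpenSSH `authorized_keys` entry that pins the backup key on the destination to the jailed server command. Assumptions: the host name, directories and key text are placeholders, the login is root because chroot needs that privilege, and rdiff-backup's classic command-line form with `--remote-schema` is used.

```shell
#!/bin/sh
# Added example: push-style rdiff-backup job for the SOURCE machine's cron.
# Only JAIL and the server command come from the post; the rest are placeholders.
JAIL=/store/rdiff                 # chroot jail on the destination (from the post)
DEST_HOST=backup.example.org      # placeholder destination host
SRC_DIR=/home                     # placeholder directory to back up
DEST_DIR=/home                    # path as seen INSIDE the jail ($JAIL/home on disk)

# Command run on the destination: the rdiff-backup server, confined to the jail.
jailed_server() {
    printf '/usr/sbin/chroot %s nice rdiff-backup --server' "$JAIL"
}

# Remote schema handed to rdiff-backup; it substitutes the host part for %s.
remote_schema() {
    printf 'ssh %%s %s' "$(jailed_server)"
}

# authorized_keys line for root on the DESTINATION. sshd runs the forced command
# whatever the client asks for, so this key cannot open a shell or forward ports.
# $1 is the public key text of the source machine's backup key.
forced_command_entry() {
    printf 'command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$(jailed_server)" "$1"
}

# The actual push: local SRC_DIR to DEST_DIR inside the jail on DEST_HOST.
push_backup() {
    rdiff-backup --remote-schema "$(remote_schema)" \
        "$SRC_DIR" "root@$DEST_HOST::$DEST_DIR"
}

# cron calls this script with --run; --print-key-entry shows the line to install
# on the destination for the given public key.
if [ "${1:-}" = "--run" ]; then
    push_backup
elif [ "${1:-}" = "--print-key-entry" ]; then
    forced_command_entry "$2"
fi
```

With the forced command in place, a stolen backup key gives write access to the backup tree under /store/rdiff and nothing else on the destination.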


