Re: utilisateur backup
On Fri, Jul 19, 2002 at 11:53:58AM +0200, Boris Daix wrote:
> Hi all,
>
> I'd like to make backup via cron and I saw there were a user
> named "backup" in passwd file. My problem is that the backups should
> travel via LAN to another machine (running Woody too), so that
> they backup eachother in fact. I'd like to use rsync to transfer only
> changes, with SSH to increase security, but my question is :
>
> - Can I safely give an SSH key to my backup user without any
> passphrase so that it could be automated via cron ?
I'd say, the security is that of your original account then. Say there
are the computers A and B, where A:backup has got access to B:backup by
a phraseless ssh-key. You can log on to account A:backup and ssh to
B:backup because of the phraseless key, therefor the maximum of the
security you can achive is the security of account A:backup.
> - Is amanda appropriate for this task and would it be more secure
> to use it instead ?
I am using it to backup a bunch of maschines on one tape also using
cron. I found it easy to configure and am quite satisfied. You can even
configure Amanda in a way that it only transfers changes. On the other
hand, Amanda is meant to dump backups on tapes. I cant tell you if there
is an easy way to reconfigure it.
> - If it is unsecure, how would I do such backups without having to
> enter passpgrase/passwd ?
>
What sort of security do you want? Do you want your backups be
encrypted? Amanda can't do that, to my knowledge.
Amanda provides some sort of restricted host access. But I cant tell, if
it would retain a determined attacker.
Otherwise I have not heart of exploits of amanda yet.
> Thanks a lot
>
> --
> Boris Daix
>
> "Feel free to be free, or not to be..."
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: