[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Secure rsync setup


I'm thinking of using rsync for backup purposes.
Sadly, the server (alpha) hosting the files I'd like to backup does not allow 
ssh or rsync connections - but I may execute rsync as a cron job or 
But I run a server (beta - debian sarge), that may serve as the rsync server, 
therefore I'd thought, that alpha may call beta to back up his data by using 
rsync over ssh and ssh-keys.
However, this requires alpha having a ssh-key. Furthermore I'm not in charge 
with alpha's security, thus I've to make sure, that a attacker, who gained 
access to alpha's ssh-key is not able to compromis beta (well, he might be 
able to delete / modify the backup'ed data, but this might be circumvented by 
regularly tar the backed up data).
Thus my question is: How should I configure / secure beta to prevent this?

I thought of using a new sarge installation in vmware, but this will require a 
lot of ressources I'm unwilling to spend.
I thought of an new sarge installation on Xen - but I don't none whether Xen 
is ready to be used in a hostile environment.
I thought of a sarge installation in a chroot enviroment, but I don't know 
whether a "tight (tightend by grsecurity)" chroot would allow ssh / rsync to 
be called.
I thought of just creating a user for that on beta and set appropiate 
permissions - but what kind of permission would be appropiate?

What do you think?

Reply to: