Re: Secure rsync setup
On Sun, 17 Dec 2006 17:20:33 +0100 Thorsten Schmidt wrote:
> However, this requires alpha having a ssh-key. Furthermore I'm not in
> charge with alpha's security, thus I've to make sure, that a
> attacker, who gained access to alpha's ssh-key is not able to
> compromis beta (well, he might be able to delete / modify the
> backup'ed data, but this might be circumvented by regularly tar the
> backed up data). Thus my question is: How should I configure / secure
> beta to prevent this?
On my beta, I have a ssh-key in authorized_keys with the following
--server -vulogDtprz --delete . /path/to/backup"
So my rsync cron can only execute rsync on the other side
(rsync-server does not need to be running).
Don't ask where I do have the whole command line from, think I started
with an "open" ssh-key and ran rsync in very-verbose or so.
^^^ | Evgeni -SargentD- Golov (email@example.com)
d(O_o)b | PGP-Key-ID: 0xAC15B50C
>-|-< | WWW: http://www.die-welt.net ICQ: 54116744
/ \ | IRC: #sod @ irc.german-freakz.net