
Re: Secure rsync setup



On Sun, 17 Dec 2006 17:20:33 +0100 Thorsten Schmidt wrote:

> However, this requires alpha having a ssh-key. Furthermore I'm not in
> charge of alpha's security, thus I've to make sure, that an
> attacker, who gained access to alpha's ssh-key is not able to
> compromise beta (well, he might be able to delete / modify the
> backup'ed data, but this might be circumvented by regularly tar the
> backed up data). Thus my question is: How should I configure / secure
> beta to prevent this?

On my beta, I have a ssh-key in authorized_keys with the following
content:
from="my.dns.net",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="rsync --server -vulogDtprz --delete . /path/to/backup"

So my rsync cron can only execute rsync on the other side
(rsync-server does not need to be running).
Don't ask where I have the whole command line from, I think I started
with an "open" ssh-key and ran rsync in very-verbose or so.

-- 
   ^^^    | Evgeni -SargentD- Golov (sargentd@die-welt.net)
 d(O_o)b  | PGP-Key-ID: 0xAC15B50C
  >-|-<   | WWW: http://www.die-welt.net   ICQ: 54116744
   / \    | IRC: #sod @ irc.german-freakz.net
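
The forced-command setup from the reply above, as an added example that is not part of the original message: a wrapper named in command="..." instead of the bare rsync line, which logs what the holder of alpha's key actually requested and then runs the same pinned receiver. The script name and path, the logger tag and the verdict strings are assumptions; the rsync flags and /path/to/backup are the ones from the message.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed install path:
# /usr/local/bin/backup-only, referenced as command="/usr/local/bin/backup-only".
BACKUP_ROOT=/path/to/backup   # destination used in the message

# classify_request CMD: print "allow" or "deny:<reason>" for the command line
# the client requested (sshd exposes it as SSH_ORIGINAL_COMMAND).
classify_request() {
    cmd=$1
    [ -n "$cmd" ] || { echo "deny:interactive-login"; return 1; }
    case $cmd in
        *[!A-Za-z0-9\ ./_=,-]*) echo "deny:bad-characters"; return 1 ;;
    esac
    set -f; set -- $cmd; set +f      # split into words without globbing
    if [ "$1" != rsync ] || [ "$2" != --server ]; then
        echo "deny:not-rsync-server"; return 1
    fi
    prev= last=
    for arg in "$@"; do
        # --sender means the client wants to read from beta, not push to it
        if [ "$arg" = --sender ]; then echo "deny:read-request"; return 1; fi
        prev=$last; last=$arg
    done
    [ "$prev" = . ] || { echo "deny:unexpected-arguments"; return 1; }
    case $last in
        */../*|*/..) echo "deny:path-traversal"; return 1 ;;
    esac
    case $last in
        "$BACKUP_ROOT"|"$BACKUP_ROOT"/*) echo "allow" ;;
        *) echo "deny:outside-backup-root"; return 1 ;;
    esac
}

# Runs only when invoked under the assumed script name, i.e. by sshd.
case $0 in
    */backup-only)
        verdict=$(classify_request "${SSH_ORIGINAL_COMMAND:-}") || {
            logger -t backup-only \
                "$verdict from ${SSH_CONNECTION%% *}: ${SSH_ORIGINAL_COMMAND:-}"
            exit 1
        }
        # Always run the pinned receiver; client-supplied words are never executed.
        exec rsync --server -vulogDtprz --delete . "$BACKUP_ROOT"
        ;;
esac
```

A rejected request ends up in syslog under the backup-only tag, which gives beta's admin a signal that alpha's key is being used for something other than the backup job.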



