Re: rsync over lan

To: debian-user@lists.debian.org
Subject: Re: rsync over lan
From: Rob McBroom <debian@skurfer.com>
Date: Wed, 10 Sep 2008 10:59:25 -0400
Message-id: <[🔎] B129EAB9-E808-4273-A443-89A4FD15CE46@skurfer.com>
In-reply-to: <[🔎] 877i9kvlx4.fsf@blackbart.sedgenet>
References: <[🔎] 877i9kvlx4.fsf@blackbart.sedgenet>

Sorry about the previous (useless) message.

On 2008-Sep-9, at 9:17 PM, tyler wrote:

In order to preserve the ownerships, I have to run
the above command as root, which requires that I configure sshd on the
desktop to accept root logins. Even behind a NAT router, that doesn't
seem like a good idea. Am I missing something?

As others have mentioned, there are ways to make this more secure.Allow root logins 'without-password' and create a key-pair. You canrestrict it further in `authorized_keys` on the client side by addingthings like this:


    no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

I also prefer to use rsync to "pull" rather than "push" for backups(especially when root is involved). In other words, have the machinethat stores the backups locked down as tight as possible and give itroot access to the machines you want backed up. That way, if a"client" machine gets compromised, it doesn't have automatic rootaccess to where all of your backups live. In your case, the desktopshould be able to get into the laptop as root, but not the other wayaround.

The drawback is, in your case, the laptop might not always be poweredon or it might not always be on the same network as the desktopmachine, so you can't set up a simple schedule.


---
Rob McBroom
<http://www.skurfer.com/>

Reply to:

References:
- rsync over lan
  - From: tyler <tyler.smith@mail.mcgill.ca>

Prev by Date: Re: Remote administration of a machine behind NAT
Next by Date: Re: Way OT: OpenDNS
Previous by thread: Re: rsync over lan
Next by thread: Re: rsync over lan
Index(es):
- Date
- Thread