Re: rsync over lan
Sorry about the previous (useless) message.
On 2008-Sep-9, at 9:17 PM, tyler wrote:
In order to preserve the ownerships, I have to run
the above command as root, which requires that I configure sshd on the
desktop to accept root logins. Even behind a NAT router, that doesn't
seem like a good idea. Am I missing something?
As others have mentioned, there are ways to make this more secure.
Allow root logins 'without-password' and create a key-pair. You can
restrict it further in `authorized_keys` on the client side by adding
things like this:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
I also prefer to use rsync to "pull" rather than "push" for backups
(especially when root is involved). In other words, have the machine
that stores the backups locked down as tight as possible and give it
root access to the machines you want backed up. That way, if a
"client" machine gets compromised, it doesn't have automatic root
access to where all of your backups live. In your case, the desktop
should be able to get into the laptop as root, but not the other way
around.
The drawback is, in your case, the laptop might not always be powered
on or it might not always be on the same network as the desktop
machine, so you can't set up a simple schedule.
---
Rob McBroom
<http://www.skurfer.com/>
Reply to: