Re: Question about ssh passwords and backup software

To: debian-user@lists.debian.org
Subject: Re: Question about ssh passwords and backup software
From: vogelke+debian@pobox.com (Karl Vogel)
Date: Mon, 13 Feb 2012 20:39:41 -0500 (EST)
Message-id: <[🔎] 20120214013943.97494BFA3@kev.msw.wpafb.af.mil>
Reply-to: vogelke+debian@pobox.com
In-reply-to: <[🔎] em2o09x547.ln2@news.roaima.co.uk> (message from Chris Davies on Mon, 13 Feb 2012 18:51:26 +0000)
References: <[🔎] 20120213173652.GA26236@big.lan.gnu> <[🔎] 4F394B4D.9090109@biotec.tu-dresden.de> <[🔎] em2o09x547.ln2@news.roaima.co.uk>

>> Alex Mestiashvili <alex@biotec.tu-dresden.de> wrote:

A> I would simply use a passwordless ssh-key with a wrapper on the remote
A> side which allows to run only the backup command .

>> On Mon, 13 Feb 2012 18:51:26 +0000, 
>> Chris Davies <chris-usenet@roaima.co.uk> said:

C> I'd agree with this, but use passwordless public/private keys with a
C> restricted target command:
C>  command="backup-service",no-pty,no-port-forwarding ssh-rsa BLAHBLAH...

   If the box from which you're copying has a static hostname or IP
   address, include that as well:

    from="1.2.3.4",command="backup-service",no-pty,no-port-forwarding ...

-- 
Karl Vogel                      I don't speak for the USAF or my company

Why Trick or Treating is Better than Sex #10:
  You are guaranteed to get at least a little something in the sack.

Reply to:

References:
- Question about ssh passwords and backup software
  - From: Paul E Condon <pecondon@mesanetworks.net>
- Re: Question about ssh passwords and backup software
  - From: Alex Mestiashvili <alex@biotec.tu-dresden.de>
- Re: Question about ssh passwords and backup software
  - From: Chris Davies <chris-usenet@roaima.co.uk>

Prev by Date: Suggestions regarding a PCI-X card.
Next by Date: Re: Stupid shell question
Previous by thread: Re: Question about ssh passwords and backup software
Next by thread: Re: Question about ssh passwords and backup software
Index(es):
- Date
- Thread