I'm going to be doing a backup of some files using rsnapshot, connecting to a Linux server from a Linux backup server. I don't allow root login via SSH for security reasons, but do have RSA keys set up for login by another user.
If I don't allow root login, I'm not sure how I back up all the files, since some are system files owned by root. If I create another user with enough permissions to read my root-owned files, don't I have the same problem as allowing a root login? I was thinking of perhaps making a user who is a member of the root group, but somehow that just sounds wrong.
I'd appreciate thoughts on ideas on where I want to go with this.
Last edited by timm (2011-03-01 13:19:01)
/etc/ssh/sshd_config:
PermitRootLogin forced-commands-only
/root/.ssh/authorized_keys:
command="rdiff-backup --server --restrict-read-only /",from="172.31.0.160",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkyvLPAf90Xezte3NLlT6BQElVnKWRh9JaDycj2p1GzOyrpzPmZnezUqw1Pe/mv01xC7J7+uDWduJvRoHnZA3mA7Rn+ei8BikHnxXl+uAjv7wue53LZntSjxL8sYPrHqh95I3H2/WAhRtmI98TYiz+bUWo3CHsuFRjCjp7sXSjhFSxA7BHiRv8/RPK5EUajAngWGKwBWNW6e0vJLpj2/VlnMK/AzMA/sRuTdyqXsaAH2KqPjhGtmKQ8yYACLkWKBr4eM2LnpdZ6hD5o0b8iIgdaNbbihoJi3F28/bwmeTYVOHSVe0GKo+naSaUb8/J04CEIYOe8Xy+trnsf0VzgG5N Backup Key Comment
This will allow root login ONLY from the IP address of your backup server (172.31.0.160 in my example), and the remote user will ONLY be able to execute rdiff-backup in read-only server mode.
Secure enough for me.
EDIT: Spelling.
Last edited by fukawi2 (2011-02-28 02:06:36)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
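The following is an added example, not part of the post above: a small audit that parses authorized_keys entries and reports which of the restrictions used in that entry (command=, from=, no-port-forwarding, no-X11-forwarding, no-pty) are missing. The sample lines are constructed, the key blobs are placeholders, and the function names are hypothetical; it also accepts the OpenSSH `restrict` option as covering the no-* flags.

```python
# Added example: audit authorized_keys entries for forced-command restrictions.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")  # a line starting with these has no options

def parse_entry(line):
    """Return (options dict, remainder). Options are comma-separated and end
    at the first whitespace outside double quotes; \\" escapes a quote."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line
    opts, cur, quoted, i = {}, "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and c == "\\" and line[i + 1:i + 2] == '"':
            cur += '"'
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        elif not quoted and c in ", \t":
            name, _, value = cur.partition("=")
            opts[name.lower()] = value      # option names are case-insensitive
            cur = ""
            if c != ",":
                break                        # whitespace ends the options field
        else:
            cur += c
        i += 1
    return opts, line[i:].strip()

def missing_restrictions(line):
    """List the restrictions from the post that this entry lacks."""
    opts, _ = parse_entry(line)
    missing = [name for name in ("command", "from") if not opts.get(name)]
    for name in ("port-forwarding", "x11-forwarding", "pty"):
        # Conservative: an explicit re-enable (e.g. "pty") counts as not disabled.
        disabled = name not in opts and ("no-" + name in opts or "restrict" in opts)
        if not disabled:
            missing.append("no-" + name)
    return missing

# Constructed sample entries; key material is a placeholder, not a real key.
SAMPLES = [
    'command="rdiff-backup --server --restrict-read-only /",from="172.31.0.160",'
    'no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3PLACEHOLDER backup',
    'ssh-ed25519 AAAAC3PLACEHOLDER admin@laptop',
    r'restrict,command="echo \"a, b\"",from="172.31.0.160" ssh-rsa AAAAB3PLACEHOLDER t',
    'restrict,pty,command="x" ssh-rsa AAAAB3PLACEHOLDER t',
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(missing_restrictions(entry) or "OK", "<-", entry[:40])
```

Run against each non-comment line of /root/.ssh/authorized_keys, an empty result means the key carries every restriction shown in the post.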
Thanks, I'll work through that.