
#1 2011-02-27 23:26:10

timm
Member
From: Wisconsin
Registered: 2004-02-25
Posts: 417

ssh backup strategy; root login [solved]

I'm going to be doing a backup of some files using rsnapshot, connecting to a linux server from a linux backup server.  I don't allow root login via ssh for security reasons, but do have rsa keys set up for login by another user.

If I don't allow root login, I'm not sure how I back up all the files, since some are system files owned by root.  If I create another user with enough permissions to read my root-owned files, don't I have the same problem as allowing a root login?  I was thinking that perhaps making a user who is a member of the root group, but somehow that just sounds wrong.

I'd appreciate thoughts or ideas on where I want to go with this.

Last edited by timm (2011-03-01 13:19:01)


#2 2011-02-28 02:05:55

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: ssh backup strategy; root login [solved]

/etc/ssh/sshd_config:

PermitRootLogin forced-commands-only

/root/.ssh/authorized_keys

command="rdiff-backup --server --restrict-read-only /",from="172.31.0.160",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkyvLPAf90Xezte3NLlT6BQElVnKWRh9JaDycj2p1GzOyrpzPmZnezUqw1Pe/mv01xC7J7+uDWduJvRoHnZA3mA7Rn+ei8BikHnxXl+uAjv7wue53LZntSjxL8sYPrHqh95I3H2/WAhRtmI98TYiz+bUWo3CHsuFRjCjp7sXSjhFSxA7BHiRv8/RPK5EUajAngWGKwBWNW6e0vJLpj2/VlnMK/AzMA/sRuTdyqXsaAH2KqPjhGtmKQ8yYACLkWKBr4eM2LnpdZ6hD5o0b8iIgdaNbbihoJi3F28/bwmeTYVOHSVe0GKo+naSaUb8/J04CEIYOe8Xy+trnsf0VzgG5N Backup Key Comment

This will allow root login ONLY from the IP address of your backup server (172.31.0.160 in my example), and the remote user will ONLY be able to execute rdiff-backup in read-only server mode.

Secure enough for me.

EDIT: Spelling.

Last edited by fukawi2 (2011-02-28 02:06:36)

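The forced-command entry above is easy to get subtly wrong over time (a missing no-pty, a from= that no longer matches the backup host), so an added example, not from the thread, of a small audit that parses authorized_keys entries and reports which of those restrictions an entry lacks. The key data and the second sample entry are constructed, and treating `restrict` as covering the no-* flags assumes OpenSSH 7.2 or later.

```python
import re
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256", "ssh-dss")
REQUIRED_FLAGS = {"no-pty", "no-port-forwarding", "no-x11-forwarding"}
QUOTED = r'"(?:\\.|[^"\\])*"'                        # a double-quoted value, \" allowed inside
OPTION_RE = re.compile(r'(?:[^,"]|%s)+' % QUOTED)    # one option; unquoted commas separate
FIELD_RE = re.compile(r'(?:[^\s"]|%s)+' % QUOTED)    # the whole option field; unquoted space ends it

def parse_options(opts):
    """Parse 'a=1,b="x, y",flag' into {'a': '1', 'b': 'x, y', 'flag': True}."""
    result = {}
    for tok in OPTION_RE.findall(opts):
        name, sep, value = tok.partition("=")
        if sep and len(value) >= 2 and value[0] == value[-1] == '"':
            value = re.sub(r'\\(.)', r'\1', value[1:-1])  # drop quotes, unescape \"
        result[name.strip().lower()] = value if sep else True
    return result

def split_entry(line):
    """Return (options, keytype, keydata, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts = ""
    if line.split(None, 1)[0] not in KEY_TYPES:  # a leading option field is present
        m = FIELD_RE.match(line)
        opts, line = m.group(0), line[m.end():].lstrip()
    parts = line.split(None, 2)
    return parse_options(opts), parts[0], parts[1], parts[2] if len(parts) > 2 else ""

def audit_entry(line, allowed_from=None):
    """List how an entry falls short of the forced-command pattern ([] means it passes)."""
    entry = split_entry(line)
    if entry is None:
        return []
    opts, problems = entry[0], []
    if "command" not in opts:
        problems.append("no forced command")
    if "from" not in opts:
        problems.append("no from= source restriction")
    elif allowed_from and opts["from"] != allowed_from:
        problems.append("from= is %r, expected %r" % (opts["from"], allowed_from))
    if "restrict" not in opts:  # 'restrict' (OpenSSH 7.2+) implies all of these
        problems += ["missing " + f for f in sorted(REQUIRED_FLAGS - set(opts))]
    return problems

# Constructed sample (placeholder key data): one entry shaped like fukawi2's, one bare key.
SAMPLE = [
    'command="rdiff-backup --server --restrict-read-only /",from="172.31.0.160",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAEXAMPLEKEYDATA Backup Key Comment',
    "ssh-ed25519 AAAAEXAMPLEKEYDATA admin@laptop"]
```

Run `audit_entry` over each line of /root/.ssh/authorized_keys with the backup server's address as `allowed_from`; any non-empty result is a key that grants root more than the post intends.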

#3 2011-03-01 13:18:25

timm
Member
From: Wisconsin
Registered: 2004-02-25
Posts: 417

Re: ssh backup strategy; root login [solved]

Thanks, I'll work through that.
