[TriLUG] rsyncd.conf

Alan Porter porter at trilug.org
Fri Feb 10 21:26:36 EST 2006


>That's what PUBLIC keys are for, it's the private keys you want to
>keep secret, without one the other is worthless.

In that case, let me give you my public key, and you add
it to YOUR /root/.ssh/authorized_keys file!

What I am trying to prevent is the "keys to the kingdom"
problem, where someone who has cracked the backup
box suddenly has root access to all machines on the
network.  (Keeping in mind, of course, that if they've
cracked the backup box, they already have a copy of
everyone's data).

Meanwhile, I like your sudo idea.  The backup user has
permission to do nothing except run the rsync script.

This gives me something to play with.  It's not quite as
tidy as the rsyncd approach, but: (1) create a backup user
(2) make sure your script is non-writable (3) give the user
sudo access to the script and (4) plant the server's public
key in his AK file.  And that sounds like it'll work.


So no one uses rsyncd?  I know that ssh is the Swiss
Army knife of the modern world, but still...


Alan
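
An added example, not part of the message above: shell helpers that check step (2) and print the entries for steps (3) and (4) of the procedure described there. The account name, script path and key are constructed placeholders, and pinning the key to the script with a forced `command=` is an assumption about how the setup would be locked down.

```shell
#!/bin/sh
# Added example: helpers for steps (2)-(4) of the backup-user procedure.
# Account name, script path and key are constructed placeholders.

# Step 2: succeed only if neither the script nor its directory is owned by
# the backup account or writable by group/other. A read-only script in a
# writable directory can still be swapped out by renaming it.
script_is_locked() {
    script=$1
    account=$2
    for p in "$script" "$(dirname "$script")"; do
        listing=$(ls -ld "$p") || return 1
        mode=${listing%% *}
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        [ "$owner" != "$account" ] || return 1
        case $mode in
            ?????w*|????????w*) return 1 ;;   # group- or other-writable
        esac
    done
    return 0
}

# Step 3: sudoers line letting the account run only this script as root.
# The trailing "" tells sudo to refuse any command-line arguments.
sudoers_entry() {
    printf '%s ALL=(root) NOPASSWD: %s ""\n' "$2" "$1"
}

# Step 4: authorized_keys line for the backup server's public key.
# Assumption: the key is pinned to the script with a forced command, so a
# stolen private key cannot open a shell or forward ports.
authorized_keys_entry() {
    printf 'command="sudo %s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' "$1" "$2"
}

# Print the entries when run directly with: SCRIPT ACCOUNT 'PUBKEY'
if [ "$#" -eq 3 ]; then
    script_is_locked "$1" "$2" || echo "WARNING: $1 is not locked down" >&2
    sudoers_entry "$1" "$2"
    authorized_keys_entry "$1" "$3"
fi
```

Install the sudoers line with `visudo -f` so that a syntax error is caught before it takes effect.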




