>> I'm setting up an automated rdiff-backup system and I'm stuck between >> pushing the backups to the backup server, and pulling the backups to >> the backup server. If I push, I have to allow read/write access of my >> backups via SSH keys. If I pull, I have to enable root logins on each >> system to be backed-up, allow root read access of each system via SSH >> keys, and I have to deal with openvpn or ssh -R so my laptop can back >> up from behind foreign routers. The conventional wisdom online seems >> to indicate pulling is better, but pushing seems like it might be >> better to me. Do you push or pull? > > I would push, to be honest.
What can be done about the fact that any attacker who can break into a system and wipe it out can also wipe out its backups? That negates one of the reasons for making the backups in the first place. Should private SSH keys be excluded from the backup? Should anything else be excluded? - Grant
