I've been trying to figure out a good way of increasing the security related to my backuppc ssh keys. I'm using rsync to backup Linux machines over the internet, and backuppc is given root access to those machines. I don't like allowing ssh access to root and I'm trying to come up w/ a way to reduce the risk.
The first thing I tried was adding this to sshd_config: PermitRootLogin forced-commands-only This works. Root's authorized_keys file needs to look like this: command="rsync ....<full rsync command>..." ssh-rsa ASD:BOJdaf;sdjfapo... The problem is this only allows *one* command to be run. I need to run multiple commands because I'm backing up multiple shares (and each share backup uses a different rsync command, because it specifies the directory to be backed up). This web page describes a way of handling multiple forced commands, using a perl script. http://www.hackinglinuxexposed.com/articles/20030115.html It doesn't seem to be maintained, though, and I don't know anything about perl or enough about security in general to judge for myself whether this is secure. Any opinions? So to summarize, I'm looking for a way to limit what root can do through ssh. I'd appreciate any suggestions you folks could give me. Thanks -Rob ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ BackupPC-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/backuppc-users http://backuppc.sourceforge.net/
