Thanks a lot for this information Nils.
Great.
Regards,
Romain
"Nils Breunese (Lemonbit)" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
08/10/2007 10:02
To
[email protected]
cc
Subject
Re: [BackupPC-users] Using Rsync with SSH
Toni Van Remortel wrote:
> This is how I add a ssh-based client to my backup system:
> * On the backup server, the user backuppc generates a ssh-key
> (ssh-keygen -t rsa -f clientname) inside .ssh of the backuppc home
> directory. Passphrase is empty.
> * On the backup server, the file .ssh/config belonging to the backuppc
> user is updated with some needed info for the client (user to connect,
> ssh-key to use, port to use, ...)
> * The key is copied to the client (ssh-copy-id -i clientname.pub
> client.domain.com) This action will ask if you trust this host. Answer
> 'yes' to add it to the known_hosts list.
>
> Finished. The user 'backuppc' now has root access to the client
> through SSH. Setting up BackupPC is now the easiest part: use rsync,
> set the client's directories to back up. Done.
>
> Why do I use a separate key for every client? Security! If someone can
> get 1 private key from my backup server, he/she can only connect to 1
> client instead of all my clients (70 at this moment).
> Yes it is a bit more work, but security is always more work.
I don't really see how using 70 keys is more secure than using one in
this case. Aren't all 70 passphrase-less private keys available in
the same location? If someone hacks his way to your backuppc user
then he can access all of your servers, regardless of whether you use
70 keys or just one. It's probably more secure to limit what your
backuppc user can execute on your clients (using sudo to only allow
the execution of /usr/bin/rsync with the flags you use for backup and
restore).
Nils Breunese.
[attachment "PGP.sig" removed by Romain PICHARD/Mondeville/VIC/VALEO]
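
One way to apply Nils's suggestion of limiting what the backup key can run on a client, as an added example that is not from the thread: an SSH forced-command wrapper (a different mechanism from the sudo rule he mentions) that only lets the key start `/usr/bin/rsync` in server mode. The install path `/usr/local/bin/backup-only`, the function names and the `ALLOW_RESTORE` switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path (hypothetical):
# /usr/local/bin/backup-only. On the client, the backuppc key's line in
# authorized_keys is prefixed with these OpenSSH options:
#   command="/usr/local/bin/backup-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <public key>
LC_ALL=C; export LC_ALL
RSYNC=/usr/bin/rsync   # path named in the thread

# Prints backup, restore or deny for the command line the SSH client requested.
# Anything outside a conservative character set (quotes, ; | $ ` globs,
# newlines, ...) is refused before the rsync prefix is even looked at.
classify_request() {
    case "$1" in
        *[!A-Za-z0-9" "./_=,:@+-]*) echo deny; return ;;
    esac
    case "$1" in
        "$RSYNC --server --sender "*) echo backup ;;   # client sends files out
        "$RSYNC --server "*)          echo restore ;;  # client receives files
        *)                            echo deny ;;
    esac
}

# Runs the request only if it is an allowed rsync server invocation.
# Restores (writes to the client) additionally need ALLOW_RESTORE=1.
handle_request() {
    kind=$(classify_request "$1")
    if [ "$kind" = restore ] && [ "${ALLOW_RESTORE:-0}" != 1 ]; then
        kind=deny
    fi
    if [ "$kind" = deny ]; then
        logger -t backup-only "denied: $1" 2>/dev/null || true
        echo "backup-only: command not permitted" >&2
        return 1
    fi
    set -f     # no globbing; the character check already excludes quoting
    exec $1    # split on spaces only, never handed to a shell
}

# sshd sets SSH_ORIGINAL_COMMAND when a forced command is in effect.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    handle_request "$SSH_ORIGINAL_COMMAND"
fi
```

This narrows a stolen key from a root shell to rsync server mode; it does not restrict which paths rsync may read, and paths containing spaces are rejected by the character check.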
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
BackupPC-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/