On Sun, 17 Dec 2006 17:20:33 +0100 Thorsten Schmidt wrote:
> However, this requires alpha having a ssh-key. Furthermore I'm not in
> charge with alpha's security, thus I've to make sure, that an
> attacker, who gained access to alpha's ssh-key is not able to
> compromise beta (well, he might be able to delete / modify the
> backup'ed data, but this might be circumvented by regularly tar the
> backed up data). Thus my question is: How should I configure / secure
> beta to prevent this?

On my beta, I have a ssh-key in authorized_keys with the following content:

    from="my.dns.net",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="rsync --server -vulogDtprz --delete . /path/to/backup"

So my rsync cron can only execute rsync on the other side (rsync-server
does not need to be running).

Don't ask where I do have the whole command line from, think I started
with an "open" ssh-key and ran rsync in very-verbose or so.

-- 
   ^^^    | Evgeni -SargentD- Golov ([EMAIL PROTECTED])
 d(O_o)b  | PGP-Key-ID: 0xAC15B50C
  >-|-<   | WWW: http://www.die-welt.net   ICQ: 54116744
   / \    | IRC: #sod @ irc.german-freakz.net
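
An added example, not part of the original message: a small Python audit that parses the options field of authorized_keys entries and reports which of the restrictions used in the reply above (from=, command= and the four no-* flags) an entry lacks. The function names, the finding strings and the sample entries with their placeholder key blob are assumptions made for illustration.

```python
import re

# Restrictions used on the backup key in the post (option names are case-insensitive).
REQUIRED_FLAGS = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

def split_unquoted(text, seps):
    """Split text on any character in seps that is outside double quotes."""
    parts, buf, in_quote, prev = [], [], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            in_quote = not in_quote
        if ch in seps and not in_quote:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        prev = ch
    parts.append("".join(buf))
    return parts

def parse_entry(line):
    """Return (options dict, remaining key fields) for one authorized_keys line."""
    fields = [f for f in split_unquoted(line.strip(), " \t") if f]
    if not fields or fields[0].startswith("#") or KEY_TYPE.match(fields[0]):
        return {}, fields  # blank line, comment, or entry with no options field
    opts = {}
    for item in split_unquoted(fields[0], ","):
        name, _, value = item.partition("=")
        opts[name.lower()] = value[1:-1] if value.startswith('"') else value
    return opts, fields[1:]

def audit(line):
    """List the restrictions from the post that this entry lacks."""
    opts, _ = parse_entry(line)
    findings = []
    if "restrict" not in opts:  # OpenSSH 7.2+ 'restrict' turns all of these on at once
        findings += sorted(f"missing {f}" for f in REQUIRED_FLAGS - opts.keys())
    if "command" not in opts:
        findings.append("no forced command=")
    if "from" not in opts:
        findings.append("no from= source restriction")
    return findings

# Constructed sample entries; the key blob and comment are placeholders.
KEY = "ssh-ed25519 AAAAC3PLACEHOLDER backup@alpha"
LOCKED = ('from="my.dns.net",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,'
          'no-pty,command="rsync --server -vulogDtprz --delete . /path/to/backup" ' + KEY)
PARTIAL = 'command="rsync --server -vulogDtprz --delete . /path/to/backup",no-pty ' + KEY

if __name__ == "__main__":
    for label, entry in (("locked", LOCKED), ("partial", PARTIAL), ("open", KEY)):
        print(label, audit(entry) or "ok")
```

Run over each line of the backup account's authorized_keys on beta, an empty result means the entry carries every restriction shown in the reply.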

