On 10/06/2010 01:40 PM, Grant wrote: >>> I'm using backupninja to backup data from my laptop, desktop, and >>> remote server onto a remote desktop system. backupninja is very >>> simple and is really just an interface to a few other programs >>> including rdiff-backup. I'm not worried about a good restore method >>> for now, I want to focus on keeping it simple and protecting my data. >>> This is the first time I've set up a real backup system and I'd love >>> to get some advice from you guys. I've got a few questions. >>> >>> 1. This is the first time I've used passwordless SSH keys. root on >>> each system being backed up logs into the remote desktop as a normal >>> user to store the backups. Is this pretty safe? I suppose if root is >>> compromised on any of the three systems being backed up (via physical >>> access or otherwise), the remote desktop will also be compromised as a >>> normal user. Maybe that normal user should be extraordinarily >>> unprivileged? >> >> You can limit SSH access to only certain commands. On the remote desktop >> machine, you probably had to add an entry to the SSH authorized_keys >> file. You can prefix that line with the command that the user is allowed >> to run. For example (I use rdiff-backup too): >> >> command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding >> ssh-rsa <big_ugly_key> > > I tried both that and simplified versions of it but it seems to > prevent the login from working. It hangs on the following command, > which works if I don't add the above: > > ssh -o PasswordAuthentication=no 1.2.3.4 -l user 'echo -n 1'
That's the point? You can't log in (run /bin/bash) or do anything except the command listed in the authorized_keys file. > Should it be working? I noticed I have ssh-dss instead of your ssh-rsa. That's just the key type, doesn't matter.
