>>>> I'm using backupninja to backup data from my laptop, desktop, and >>>> remote server onto a remote desktop system. backupninja is very >>>> simple and is really just an interface to a few other programs >>>> including rdiff-backup. I'm not worried about a good restore method >>>> for now, I want to focus on keeping it simple and protecting my data. >>>> This is the first time I've set up a real backup system and I'd love >>>> to get some advice from you guys. I've got a few questions. >>>> >>>> 1. This is the first time I've used passwordless SSH keys. root on >>>> each system being backed up logs into the remote desktop as a normal >>>> user to store the backups. Is this pretty safe? I suppose if root is >>>> compromised on any of the three systems being backed up (via physical >>>> access or otherwise), the remote desktop will also be compromised as a >>>> normal user. Maybe that normal user should be extraordinarily >>>> unprivileged? >>> >>> You can limit SSH access to only certain commands. On the remote desktop >>> machine, you probably had to add an entry to the SSH authorized_keys >>> file. You can prefix that line with the command that the user is allowed >>> to run. For example (I use rdiff-backup too): >>> >>> command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding >>> ssh-rsa <big_ugly_key> >> >> I tried both that and simplified versions of it but it seems to >> prevent the login from working. It hangs on the following command, >> which works if I don't add the above: >> >> ssh -o PasswordAuthentication=no 1.2.3.4 -l user 'echo -n 1' > > That's the point? You can't log in (run /bin/bash) or do anything except > the command listed in the authorized_keys file.
I see what you're saying but don't I need to use the ssh command in order to use the rdiff-backup command? - Grant
