Quoting Amos Shapira, from the post of Thu, 14 Feb:
> On Wed, Feb 13, 2008 at 4:04 PM, Eran Tromer <[EMAIL PROTECTED]> wrote:
> >
> > Better yet, you don't need to run anything other than 'tar' as root.
> > Just put the 'tar czf - /home' command in a suid-root binary that's
> > executable only by a dedicated user, say [EMAIL PROTECTED], and then:
> > $ rexecsync -v 'ssh [EMAIL PROTECTED]' 'path-to-suid' /backups/client.tgz
> >
> Actually, the "Right Way(TM)" to do this is to set up an account with a
> public key which can only execute this command specified with the "command="
That limits the actions on the remote machine, but doesn't solve the
problem of an UN-encrypted key. One mid-way solution is running an
ssh-agent for that task and keeping its environment settings in a shell
file for the task to source each time it is invoked. It's suboptimal
since you still keep the key UN-encrypted in RAM and you need to add
the key to the agent after a reboot, but those are the same concessions
you make with Apache's SSL key as well.

-- 
Village idiot
Ira Abramov
http://Ira.Abramov.org/email/
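The setup discussed in this message, as an added example that is not part of the original post: an authorized_keys line using the "command=" option with forwarding and ptys disabled, plus an ssh-agent whose settings are saved to a shell file that the unattended job sources. The env-file path, the function names and the forced-command path are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Paths and names are assumptions.

# File that holds the agent's SSH_AUTH_SOCK / SSH_AGENT_PID settings.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/backup-agent.env}"

# Print the authorized_keys line for the dedicated account on the client:
# the key can run only the one forced command, whatever the caller asks for.
#   $1 = forced command   $2 = public key text ("type base64 comment")
restricted_key_line() {
    printf 'command="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' \
        "$1" "$2"
}

# Run once by hand after each reboot: start an agent, save its settings
# in a file readable only by the owner, then load the passphrase-protected key.
#   $1 = private key file (ssh-add prompts for the passphrase)
start_backup_agent() {
    ( umask 077; ssh-agent -s | grep -v '^echo' > "$AGENT_ENV" ) || return 1
    . "$AGENT_ENV"
    ssh-add "$1"
}

# Called by the unattended backup job before it runs ssh.
# Returns 1: no env file, 2: agent socket gone (e.g. reboot), 3: no key loaded.
load_backup_agent() {
    [ -r "$AGENT_ENV" ] || { echo "no agent env file: $AGENT_ENV" >&2; return 1; }
    . "$AGENT_ENV"
    [ -S "${SSH_AUTH_SOCK:-}" ] || { echo "agent socket missing" >&2; return 2; }
    ssh-add -l >/dev/null 2>&1 || { echo "agent holds no key" >&2; return 3; }
}
```

The backup job would call `load_backup_agent || exit 1` before invoking ssh, so a reboot that emptied the agent shows up as a failed job instead of a password prompt nobody answers.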
