> As others have mentioned, it will be a good idea to implement the backups so > that you will be pulling data from the less trusted source to your backup > server (the more trusted one).
Thanks Lari, that's a great point. So you are basically saying I should not create a restricted user on the server (trusted machine), but instead the untrusted client should be the one providing ssh access to the server. the server will just pull the data from the untrusted client. Is that what you meant? For the recovery though, how would you envision that? > I can recommend Restic over Rclone over SSH for limited, append-only access. Thank you Stefan. restic seems to be a very interesting solution. I also came across rustic. How do you feel about it (if you have experience with it)? In theory, rust is nice, but it's newer software, so might be less tested. > Alternatively, you can use the Restic REST Server I like this option, thanks for pointing it out. Do you have a sense of whether it's more or less secure than the SSH option? Again, from the perspective of considering the client to be a motivated attacker trying to compromise the server via their access.
