Jacob Yocom-Piatt wrote:
> I have a script that runs on a single backup host and gathers dumps from other
> machines on the network by ssh-ing into them as root using pubkey
> authentication. Allowing root access via ssh is, of course, not a good idea.
The "of course" part is dubious, actually.
If you have the ability to maintain the machine remotely, you probably
have a way to become root-equivalent. If someone gets that, it's game over anyway.
Making things more complicated just to comply with often-chanted and
rarely-thought-about slogans is unlikely to improve REAL security.
> Is there an established method for keeping privileges lower when doing dumps,
> i.e. adding a user who can dump, and not using root to do this?
> Another possibility is to have a script that runs on each host to be backed up
> that transfers the dumps to the backup host. This method seems less elegant
> since it means having a script on each host and further loading each host's
> disk and processor.
What if you make your ssh key usable from only one location?
Stick a 'from="w.x.y.z"' in front of it, and only your backup machine will be
able to use the key. Heck, you can even restrict what commands are run.
See:
http://ezine.daemonnews.org/200411/openssh.html
for some well-done info from Saad Kadhi on this.
Nick.
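An added example of the restriction Nick describes, not from the thread or from Saad Kadhi's article: an authorized_keys entry on each host that gets dumped, which pins the backup host's key to one source address and forces a wrapper command, together with the POSIX sh wrapper that honours only a "dump <mountpoint>" request for an allowlisted mountpoint and refuses everything else (extra words, shell metacharacters, an interactive login with no command). The address 192.0.2.10, the install path /usr/local/sbin/backup-cmd, the mountpoint list and the dump invocation are assumptions made for illustration.

```shell
#!/bin/sh
# backup-cmd: forced command for the backup host's SSH key (illustrative;
# path, address, mountpoints and dump flags are assumptions, not from the thread).
#
# Assumed /root/.ssh/authorized_keys entry on each host that gets dumped.
# from= pins the key to the backup host; command= replaces whatever the
# client asked for with this script; the no-* options close the other doors.
#
#   from="192.0.2.10",command="/usr/local/sbin/backup-cmd",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAA...backupkey... backup@backuphost
#
# The backup host then runs, for example:
#   ssh root@host dump /var > host-var.dump
# and sshd hands the string "dump /var" to this script in SSH_ORIGINAL_COMMAND.

set -f   # no pathname expansion: the request string is split, never globbed

# Only these mountpoints may be dumped (assumed list; edit per host).
backup_target_ok() {
    case "$1" in
        /|/usr|/var|/home) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept exactly "dump <mountpoint>" with an allowed mountpoint: print the
# mountpoint on success, return non-zero on anything else (extra words,
# shell metacharacters, an empty request from an interactive login attempt).
parse_backup_request() {
    set -- $1
    [ $# -eq 2 ] && [ "$1" = dump ] && backup_target_ok "$2" && printf '%s\n' "$2"
}

# Entry point when sshd runs the forced command.
run_forced_command() {
    req=${SSH_ORIGINAL_COMMAND:-}
    fs=$(parse_backup_request "$req") || {
        logger -t backup-cmd -p auth.warning "refused request from ${SSH_CLIENT%% *}: '$req'"
        echo "backup-cmd: request refused" >&2
        exit 1
    }
    # Level-0 dump of the filesystem to stdout, i.e. back down the SSH pipe.
    exec /sbin/dump -0ua -f - "$fs"
}

# Dispatch only when installed and invoked under the assumed name, so the
# functions can also be exercised by sourcing the file.
case "${0##*/}" in
    backup-cmd) run_forced_command ;;
esac
```

The wrapper never executes the client-supplied string; it parses it into a fixed verb and an allowlisted argument and runs a hard-coded command with that argument, so a compromised backup host gets exactly "a dump of one of these filesystems" and nothing more. On OpenSSH 7.2 and later the four no-* options can be replaced by the single `restrict` option, which also disables anything added in later releases.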