On 2011-08-18 22:25, Maarten Bezemer wrote:

On Mon, 15 Aug 2011, Grant wrote:

[snip]

I realized today that since the backup server needs root access on
each of the machines, I won't be able to disallow root logins. Is
that correct? If so, isn't that a major drawback to pulling?

You can disallow root logins using password authentication, and set
PermitRootLogin without-password in /etc/ssh/sshd_config. That would
be secure against any dictionary attack launched against the root
account.

And, looking at the whole subject from a different angle: pushing
also has the large drawback that in case your laptop is
stolen/lost/whatever, and you use an ssh key for rdiff-backup to
connect to your backup server, you risk not only losing your 'real'
systems, but the backup server can also be compromised if an attacker
starts using that key.

Both types of private key abuse could possibly be mitigated by using
passphrase-protected private keys. Then you're back at the 'default'
risk of keyloggers intercepting these passphrases...

There is a third solution, designed specifically for that kind of
problem. You can put a command= option in front of your key in the
authorized_keys file to restrict the usage of the key to a specific
[set of] command. See AUTHORIZED_KEYS FILE FORMAT in "man sshd".

N.
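
One way to apply the command= restriction to the pull setup discussed in this thread, as an added example that is not part of the original messages: a wrapper script named in root's authorized_keys entry on each machine being backed up. The script path, the logger tag and the key placeholder are assumptions, and `--restrict-read-only` is written in rdiff-backup 1.x option syntax.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the key the backup server uses to
# pull from this machine. Hypothetical install path: /usr/local/sbin/backup-only.sh
#
# Entry in root's ~/.ssh/authorized_keys (one line; the key is a placeholder):
#   command="/usr/local/sbin/backup-only.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <BACKUP-SERVER-PUBLIC-KEY> backup
#
# sshd ignores whatever the client asked to run and starts this script instead;
# the client's request is only available in SSH_ORIGINAL_COMMAND.

# Assumption: the rdiff-backup client uses its default remote command.
EXPECTED_REQUEST="rdiff-backup --server"

# Print "allow" or "deny" for a requested command. The argument is only
# compared as a string, never evaluated or executed.
check_request() {
    if [ "$1" = "$EXPECTED_REQUEST" ]; then
        echo allow
    else
        echo deny
    fi
}

run_wrapper() {
    if [ "$(check_request "${SSH_ORIGINAL_COMMAND:-}")" = allow ]; then
        # Fixed command line: the session is limited to read-only
        # rdiff-backup requests and never reaches a shell.
        exec rdiff-backup --server --restrict-read-only /
    fi
    # Record refused requests so misuse of the key shows up in the auth log.
    logger -t backup-only -p auth.warning \
        "refused request from ${SSH_CLIENT:-unknown}: ${SSH_ORIGINAL_COMMAND:-<interactive login>}"
    echo "This key may only be used for rdiff-backup." >&2
    exit 1
}

# sshd sets SSH_CONNECTION for every session; do nothing when sourced or run
# by hand outside an SSH session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    run_wrapper
fi
```

Once every root key carries a command= option, sshd_config can use `PermitRootLogin forced-commands-only` in place of `without-password`.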

_______________________________________________
rdiff-backup-users mailing list at rdiff-backup-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
