L A Walsh via rsync <rsync@lists.samba.org> wrote: > On 2021/08/03 07:09, Chris Green via rsync wrote: > > I already have an rsync daemon server running elsewhere, I can add > > this requirement to that I think. Thank you. > > > ---- > > It seems to me, a safer bet would be to generate an ssh-cert > that allows a passwdless login from your sys to the remote. > The trouble with that is that it leaves a big security hole.
If (for example) I leave my laptop turned on somewhere, or someone wanders into my study where my desktop machine is they have instant, passwordless access to the remote backup machine. I try very hard to make my backups secure from attack so that if my desktop or laptop is compromised somehow the (remote) backups are still secure. The backup system that runs the rsync daemon has its rsync configured with 'refuse options = delete' so not only does someone with access to my desktop/laptop need to know the rsyncd username and password but they also cannot delete my existing backups. It runs incremental backups so nothing is ever overwritten either. -- Chris Green ยท -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
