On 9/23/10 3:21 AM, IvyAlice wrote:
> Hello Les Mikesell,
> Thank you for your reply.
> I use the daemon rsyncd because the security guy told me that this solution is
> more secure than using rsync/ssh without password between the machines
> (backuppc is installed on a real server used for other things, too).
I wouldn't agree with that, but the security weaknesses are different. With ssh
keys, security depends entirely on protecting the private side of the key pair.
Anyone who can be root or the backuppc user on the backuppc server can steal
the identity file and get root access to the remote servers - and you should
assume that anyone who has physical access to the server could do this, perhaps
by booting a live cd to bypass its passwords. However, as long as the private
key is protected, ssh sessions are fairly secure and the data over the network
is encrypted. Perhaps your security guy misunderstood and thought you needed to
remove the root password, which is not necessary when using ssh keys. Running
rsyncd instead, you also have the issue of your passwords being stored in plain
text on the server and the data being passed over the network without
encryption - but you do have some control of which files can be accessed.
It is also possible to make the ssh connection as a non-root user, then use
sudo to become root with restrictions on the possible commands. I think the
details for this are posted on the wiki somewhere, but basically if you permit
restores you can pretty much do anything to the target machines anyway.
> When I launch the command from the server to the host:
> #rsync -av MyClient:backupETC
> #receiving incremental file list
> #drwxr-xr-x 4096 2010/09/23 07:57:29 backupETC
> #sent 12 bytes received 47 bytes 16.86 bytes/sec
Add a trailing / to see the contents: rsync -av MyClient::backupETC/
--
Les Mikesell
lesmikes...@gmail.com
___
BackupPC-users mailing list
BackupPC-users@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
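
The reply above names two things to protect: the ssh identity file on the BackupPC server, and, for rsyncd, the plain-text secrets file plus the per-module access controls. The following script is an added example, not part of the original email or the BackupPC project; the function names and file locations are assumptions. It checks that a secret file has no group/other permission bits and reports rsyncd modules that are anonymous, open to any client, or writable.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and paths are assumptions.

# secret_is_private FILE: succeeds only if FILE is a regular file (not a
# symlink) with no group/other permission bits, e.g. the ssh identity file
# or the rsyncd secrets file. Returns 1 if too permissive, 2 if not a file.
secret_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 2
    # GNU stat first, BSD stat as fallback; both print the octal mode.
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# audit_rsyncd_conf FILE: prints one finding per line. Parameters set before
# the first [module] are treated as global defaults inherited by every module;
# whitespace and case in parameter names are normalised before comparison.
audit_rsyncd_conf() {
    awk '
    function val(k) { return (k in cur) ? cur[k] : glob[k] }
    function report(   ro) {
        if (mod == "") return
        if (val("authusers") == "") print mod ": no auth users (anonymous)"
        if (val("hostsallow") == "") print mod ": no hosts allow (any client)"
        ro = tolower(val("readonly"))
        if (ro == "no" || ro == "false" || ro == "0") print mod ": writable"
        split("", cur)                      # reset per-module settings
    }
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    /^[ \t]*\[/ { report(); mod = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", mod); next }
    {
        i = index($0, "="); if (i == 0) next
        k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)
        v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (mod == "") glob[k] = v; else cur[k] = v
    }
    END { report() }' "$1"
}

# Usage: sh audit.sh /path/to/identity_or_secrets_file /path/to/rsyncd.conf
if [ "$#" -eq 2 ]; then
    secret_is_private "$1" || echo "$1: group/other access or not a plain file"
    audit_rsyncd_conf "$2"
fi
```

A "writable" finding corresponds to the restore case in the reply: a module that accepts writes lets whoever holds the credentials change files on the target.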