That's what PUBLIC keys are for; it's the private keys you want to keep secret. Without one, the other is worthless.
In that case, let me give you my public key, and you add it to YOUR /root/.ssh/authorized_keys file!

What I am trying to prevent is the "keys to the kingdom" problem, where someone who has cracked the backup box suddenly has root access to all machines on the network. (Keeping in mind, of course, that if they've cracked the backup box, they already have a copy of everyone's data).

Meanwhile, I like your sudo idea. The backup user has permission to do nothing except run the rsync script. This gives me something to play with. It's not quite as tidy as the rsyncd approach, but: (1) create a backup user (2) make sure your script is non-writable (3) give the user sudo access to the script and (4) plant the server's public key in his AK file. And that sounds like it'll work.

So no one uses rsyncd? I know that ssh is the Swiss Army knife of the modern world, but still...

Alan
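The four steps listed in the message above, as a dry-run shell sketch for one client machine. This is an added example, not part of the original message: the user name, script path and key are assumed placeholders, and the forced `command=` with `no-*` key options and the `""` no-arguments marker in sudoers are additions beyond what the message lists.

```shell
#!/bin/sh
# Added example. BACKUP_USER, SCRIPT and PUBKEY are assumed placeholder values.
BACKUP_USER=backup
SCRIPT=/usr/local/sbin/backup-rsync.sh
PUBKEY='ssh-ed25519 AAAA...constructed-placeholder... root@backupbox'

# Step 2 check: the script must be a regular file owned by the expected uid
# (root unless a second argument is given), and neither the script nor its
# parent directory may be writable by group or others.
script_locked() {
    path=$1; want_uid=${2:-0}
    [ -f "$path" ] && [ ! -L "$path" ] || return 1
    owner=$(ls -ldn "$path" | awk '{print $3}')
    [ "$owner" = "$want_uid" ] || return 1
    # find prints a path only if it has a group- or world-write bit set
    [ -z "$(find "$path" "$(dirname "$path")" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Step 3: sudoers line. The trailing "" makes sudo refuse any arguments, so the
# backup user cannot pass options through to the script.
sudoers_line() {   # $1 = user, $2 = script path
    printf '%s ALL=(root) NOPASSWD: %s ""\n' "$1" "$2"
}

# Step 4: authorized_keys line. The forced command means this key can only
# start the script; the no-* options switch off ptys and forwarding.
ak_line() {        # $1 = script path, $2 = public key line
    printf 'command="sudo %s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' "$1" "$2"
}

# Dry run: print what would be installed; nothing on the system is changed.
plan() {
    echo "1. useradd -m -s /bin/sh $BACKUP_USER"
    if script_locked "$SCRIPT"; then echo "2. $SCRIPT is locked down"
    else echo "2. FIX: $SCRIPT must be root-owned and not group/world-writable"; fi
    echo "3. /etc/sudoers.d/$BACKUP_USER (edit with visudo -f):"
    sudoers_line "$BACKUP_USER" "$SCRIPT"
    echo "4. ~$BACKUP_USER/.ssh/authorized_keys:"
    ak_line "$SCRIPT" "$PUBKEY"
}
plan
```

With this layout a stolen backup-box key can only trigger the fixed script on each client, which is the "keys to the kingdom" limit the message is after.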
