[Dirvish] pushing backups

Jon Radel jon at radel.com
Tue Oct 11 17:04:34 PDT 2005


To quote myself:  "If you put some effort into it."  The most coherent 
explanation of one scheme I've seen is in O'Reilly's book on SSH.

You are completely correct that if you simply use "command=" it won't 
work very well, for exactly the reasons you outline.

--Jon Radel
jon at radel.com

Mateusz Pospieszny wrote:
> On Tue, 2005-10-11 at 17:33 -0400, Jon Radel wrote:
> 
> 
>>Also, you should keep in mind that just because you allow ssh access to 
>>your client boxes doesn't mean you have to allow interactive logins, or 
>>access to commands other than rsync for that matter.  If you put some 
>>effort into it, you can lock down your certificate to allow access only 
>>to rsync, in which case the person who cracked your backup server can 
>>only use rsync.  Not completely cracker-proof, but I wouldn't go calling 
>>it "easily access."  In any case, if your backup server is fully 
>>compromised, all of your data is compromised, which means that game is 
>>mostly over anyway.
>>
> 
> 
> As far as I know, the only way I can lock down the certificate to allow
> access only to rsync is the "command=" option, which basically means "no
> matter what the client is asking for, run this command exactly as
> specified."
> If I am not mistaken, I would have to specify it exactly as my backup job
> invokes rsync normally. Which would mean:
> 
> 1. if I change backup options on the backup server they would be
> completely ignored on the client machine; I would have to make sure all
> the rsync options properly match the config again.
> 
> 2. this is on a per-key basis, so I would have to tell dirvish to use
> as many keys per machine as it has vaults (in my case I have one
> vault per partition)
> 
> In short, the stuff is starting to get a little complicated here. Maybe
> there is an easier way to lock this down?
>  
> 
>>BTW, on the client machine you don't need to run as root unless you're 
>>backing up files only root can read.  I have some special purpose 
>>servers where I use an account with little privilege to backup some 
>>critical data, but I leave the system files alone, as rebuilding the 
>>server would be faster than trying to do a restore.
> 
> 
> Unfortunately I do have to back up the whole root partition on my servers
> because they contain a lot of custom stuff compiled specifically for the
> client machine...
> 
> 
> 
> _______________________________________________
> Dirvish mailing list
> Dirvish at dirvish.org
> http://www.dirvish.org/mailman/listinfo/dirvish
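The scheme Jon alludes to ("if you put some effort into it") is a forced-command wrapper: instead of hard-coding the exact rsync invocation in "command=", point "command=" at a small script that reads the command the peer actually asked for from SSH_ORIGINAL_COMMAND, checks that it is an rsync sender invocation for one of the trees you back up, and only then runs rsync. That answers both of Mateusz's objections: option changes on the backup server pass straight through (the wrapper checks the shape of the command, not the exact option string), and one key can serve every vault on a machine (the wrapper holds the list of allowed trees). The following is an added example written for this thread; it is not part of Dirvish and was not posted by anyone in the discussion. The install path /usr/local/bin/rsync-only, the rsync location /usr/bin/rsync, the ALLOWED_ROOTS list and the authorized_keys line in the header comment are all assumptions to adjust for your own hosts.

```shell
#!/bin/sh
# rsync-only: forced-command wrapper for a Dirvish backup key.
# Added example for this thread; not part of Dirvish and not posted by anyone in it.
# Assumed install path: /usr/local/bin/rsync-only, referenced from the backup key's
# line in ~root/.ssh/authorized_keys on each client (key material is illustrative):
#   command="/usr/local/bin/rsync-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA... dirvish@backup
# With command= set, sshd runs this script instead of whatever the peer asked for and
# passes the peer's request in SSH_ORIGINAL_COMMAND, so the request can be inspected first.

set -f   # no filename globbing while untrusted strings are word-split below

RSYNC=/usr/bin/rsync                    # assumed location of rsync on the client
ALLOWED_ROOTS="/ /boot /home"           # one entry per tree (vault) this key may read

# rsync_only_check COMMAND
# Return 0 when COMMAND is "rsync --server --sender [options] . SRC" with SRC in
# ALLOWED_ROOTS, 1 otherwise.  Dirvish pulls, so the client only ever needs to be the
# rsync *sender*; a shell, scp, or an rsync that would write to this host is refused.
rsync_only_check() {
    set -- $1                            # split the command line into words
    [ "$1" = "rsync" ] || return 1
    [ "$2" = "--server" ] || return 1
    [ "$3" = "--sender" ] || return 1
    shift 3
    while [ $# -gt 2 ]; do               # everything before "." must be an option
        case $1 in
            --remove-source-files|--remove-sent-files|--log-file=*|--daemon|--config=*|--rsync-path=*|--rsh=*)
                return 1 ;;              # options that could write, delete or exec on this host
            -*) ;;                       # any other option is the backup server's business
            *)  return 1 ;;              # a second positional word: refuse
        esac
        shift
    done
    [ "$1" = "." ] || return 1
    case $2 in                           # normalise "/home/" -> "/home"; "/" stays "/"
        /) src=/ ;;
        *) src=${2%/} ;;
    esac
    case $src in
        *..*) return 1 ;;                # no traversal out of an allowed tree
    esac
    for root in $ALLOWED_ROOTS; do
        if [ "$src" = "$root" ]; then return 0; fi
    done
    return 1
}

# Dispatch only when invoked under the installed name, so the file can also be sourced.
case ${0##*/} in
rsync-only)
    if rsync_only_check "${SSH_ORIGINAL_COMMAND-}"; then
        set -- $SSH_ORIGINAL_COMMAND
        shift                            # drop the "rsync" word and run our own binary
        exec "$RSYNC" "$@"
    fi
    echo "rsync-only: refused: ${SSH_ORIGINAL_COMMAND-<no command>}" >&2
    exit 1
    ;;
esac
```

Two caveats. The check matches the source tree exactly, so staying within one partition still depends on the server passing -x (one file system) as Mateusz's per-partition vaults would; and exclude patterns travel inside the rsync protocol, not on the command line, so the wrapper never sees them. Since the key lives in root's authorized_keys on the client, set "PermitRootLogin forced-commands-only" in sshd_config there so the key is useless without the wrapper. The rsync distribution's support/ directory ships rrsync, a maintained script with the same purpose, which is worth preferring over a home-grown wrapper once you have understood what it does.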
