[Dirvish] Push Backups?

Eric Searcy emsearcy at gmail.com
Fri Nov 14 19:40:02 UTC 2008


Quentin Hartman wrote:
> I know Keith doesn't like them, but I prefer to have my backups run
> via push, rather than pull. I prefer this because I can have the
> backup job run as a privileged user (necessary to read all the files)
> locally but then connect to the backup server as a normal user. This
> means I don't have the potential exposure of allowing remote
> root-level logins on my servers, or having passwordless keys for root
> running around. I think this is a good thing. It makes key management
> a bit more secure and sane (imho).

Here's another way to harden pulls: use
PermitRootLogin forced-commands-only
in your sshd_config.  This means that for root, only pubkey logins are
allowed, but furthermore, only pubkey logins that have command="" forced
in authorized_keys.

So, you create a passwordless key, yes, but force the only command that
is run when that key is used to be `rsync --server'.  This page [1] goes
even further and has a middle-man script to check to make sure the
person isn't trying to pass shell commands (at least, I think that's
what his validate-rsync is doing from a cursory glance).

It's also good to restrict the connecting host using from="" in
authorized_keys (they hide those options in the man page for sshd).

One way I've done user-initiated pushes before when I had to (a laptop
that wasn't online all the time): have a passworded root key on the
local machine.  Using a ssh agent, make an ssh connection to the dirvish
server with agent forwarding enabled, and inside that connection
initiate the pull.  It'll see the forwarded agent in the environment,
and use that keystore to do the pull.  At this point, depending on your
agent, you'll be prompted for the password to your key.  More of a
client-initiated-pull than a push, but it works for some scenarios and
avoids the passphraseless key.

-Eric

[1] http://troy.jdmz.net/rsync/index.html
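
The pull hardening described in the message above (forced-commands-only, command="" and from="" on the key, plus a checking wrapper), as an added example that is not part of the original post and is not the validate-rsync script from the linked page. The wrapper path /usr/local/sbin/validate-rsync, the address 192.0.2.10 and the key text are placeholders, and the function name validate_rsync_cmd is made up for this sketch.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a root key used only for rsync pulls.
#
# /etc/ssh/sshd_config:
#   PermitRootLogin forced-commands-only
#
# /root/.ssh/authorized_keys, one line (address, script path and key are placeholders):
#   from="192.0.2.10",command="/usr/local/sbin/validate-rsync",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER... dirvish-pull

NL='
'

# Return 0 only for an rsync server invocation in the pull direction
# ("--sender": this host sends, the backup server receives).
validate_rsync_cmd() {
    case $1 in
        # Shell metacharacters or an embedded newline: refuse outright.
        *';'*|*'&'*|*'|'*|*'<'*|*'>'*|*'`'*|*'$'*|*'('*|*')'*|*"$NL"*)
            return 1 ;;
        # Options that delete source files after the transfer.
        *--remove-*)
            return 1 ;;
        'rsync --server --sender '*)
            return 0 ;;
    esac
    return 1
}

# sshd places the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if validate_rsync_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no glob expansion while word-splitting
        exec $SSH_ORIGINAL_COMMAND   # split on whitespace, never passed to a shell
    fi
    logger -p auth.warning "validate-rsync: rejected: $SSH_ORIGINAL_COMMAND"
    echo "rejected" >&2
    exit 1
fi
```

Because the accepted command is word-split rather than evaluated, backup paths containing spaces will not work with this wrapper as written.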
