[lug] Backup system ideas

Sean Reifschneider jafo at tummy.com
Sat May 28 18:33:09 MDT 2005


On Thu, May 26, 2005 at 06:29:48PM -0600, Ben Luey wrote:
>backup on the backup-computer. This strikes me as a bad idea since then if
>someone hacks the backup server, they have full access to the main server.

You should use the "command=" option for the SSH public key in the
authorized_hosts file, and limit that public key to running only exactly
the backup command, possibly even with limitations on what hosts can use
that key, etc.  See the section "AUTHORIZED_KEYS FILE FORMAT" in the sshd
man page for more information.

Sean
-- 
 I think it's the duty of the comedian to find out where the line is drawn
 and cross it deliberately.  -- George Carlin
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability




More information about the LUG mailing list