[lug] Backup system ideas
Sean Reifschneider
jafo at tummy.com
Sat May 28 18:33:09 MDT 2005
On Thu, May 26, 2005 at 06:29:48PM -0600, Ben Luey wrote:
>backup on the backup-computer. This strikes me as a bad idea since then if
>someone hacks the backup server, they have full access to the main server.
You should use the "command=" option for the SSH public key in the
authorized_hosts file, and limit that public key to running only exactly
the backup command, possibly even with limitations on what hosts can use
that key, etc. See the section "AUTHORIZED_KEYS FILE FORMAT" in the sshd
man page for more information.
Sean
--
I think it's the duty of the comedian to find out where the line is drawn
and cross it deliberately. -- George Carlin
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
More information about the LUG
mailing list