[OpenIndiana-discuss] Root as role vs. user and rsync

Bob Friesenhahn bfriesen at simple.dallas.tx.us
Mon May 7 14:36:26 UTC 2012


On Sun, 6 May 2012, Ignacio Marambio Catán wrote:

> There is one other option. Use ssh public key authentication to bypass
> the whole PAM/role nonsense and restrict what the user can do with the
> command option. See sshd(8) in its AUTHORIZED_KEYS FILE FORMAT section

That is what I do.  For even more security, the key triggers running a 
script which runs rsync in server mode over ssh using a rsync.conf 
configuration file specific to this purpose.  If someone were to gain 
access to the key, they could still only read data enabled to be read 
using the key.

I have been backing up multiple types of hosts with this strategy for 
four years now without a problem.

Bob
-- 
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
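
The arrangement described in this message, sketched as an added example (not Bob Friesenhahn's actual script or configuration): a wrapper named by the `command=` option in authorized_keys that only ever starts rsync as a single-use daemon with a dedicated read-only config. The wrapper path, config path, module name `backup` and key comment are assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command wrapper for a backup-only SSH key (added example).
# authorized_keys entry on the host being backed up (key elided, paths hypothetical):
#   command="/usr/local/sbin/backup-rsync",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... backup@collector
# The backup collector then pulls with:  rsync -a -e ssh host::backup/ /backups/host/
CONF=${BACKUP_RSYNCD_CONF:-/etc/backup/rsyncd.conf}   # hypothetical location

# Write the daemon config used only with this key.
# $1 = config file to create, $2 = directory the key is allowed to read.
write_conf() {
    cat > "$1" <<EOF
# "use chroot = no" is needed when the account is not root
use chroot = no
[backup]
    path = $2
    read only = yes
    list = no
EOF
}

# Return 0 only for the request an rsync client sends for "host::module"
# over ssh. The string is compared, never executed.
forced_command() {
    case "$1" in
        "rsync --server --daemon .") return 0 ;;
        *) return 1 ;;
    esac
}

# sshd places whatever the client asked to run in SSH_ORIGINAL_COMMAND.
# A login with no command leaves it unset, so the script ends without a shell.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if forced_command "$SSH_ORIGINAL_COMMAND"; then
        # Fixed argv: the client cannot choose the config or the paths.
        exec rsync --server --daemon --config="$CONF" .
    fi
    echo "backup key: refused request" >&2
    exit 1
fi
```

Because the exec line is fixed, a holder of the key can reach only the modules in that config file, and `read only = yes` rejects uploads to them.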

