[OpenIndiana-discuss] Root as role vs. user and rsync
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Mon May 7 14:36:26 UTC 2012
On Sun, 6 May 2012, Ignacio Marambio Catán wrote:
> There is one other option. Use ssh public key authentication to bypass
> the whole PAM/role nonsense and restrict what the user can do with the
> command option. See sshd(8) in its AUTHORIZED_KEYS FILE FORMAT section

That is what I do. For even more security, the key triggers running a
script which runs rsync in server mode over ssh using an rsync.conf
configuration file specific to this purpose. If someone were to gain
access to the key, they could still only read data enabled to be read
using the key.

I have been backing up multiple types of hosts with this strategy for
four years now without a problem.

Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
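
A sketch of the setup described in the message above, added here as an example and not taken from the original post or from Bob's own scripts. The wrapper path, config path, module name and key are constructed placeholders, and it assumes the client uses rsync's default remote command for daemon mode over ssh.

```shell
#!/bin/sh
# Forced-command wrapper for a backup-only ssh key (constructed example).
#
# authorized_keys entry on the host being backed up (one line; key is a placeholder):
#   command="/usr/local/libexec/backup-rsync",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> backup
#
# Dedicated config read by the wrapper (constructed values):
#   use chroot = no
#   [home]
#       path = /export/home
#       read only = yes
#       list = no
#
# Client side:
#   rsync -a -e "ssh -l backup -i backup_key" host::home/ /backups/host/home/

CONF=${BACKUP_RSYNC_CONF:-/etc/backup/rsyncd-backup.conf}   # hypothetical path

# Succeeds only for the exact request an rsync client sends when it asks
# for daemon mode over a remote shell; anything else is refused.
allowed_request() {
    case "$1" in
        "rsync --server --daemon .") return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    if allowed_request "${SSH_ORIGINAL_COMMAND:-}"; then
        # The client's own words are discarded; only this fixed command runs,
        # so the modules in $CONF bound what the key can read.
        exec rsync --config="$CONF" --server --daemon .
    fi
    logger -p auth.warning -t backup-rsync \
        "refused request from ${SSH_CONNECTION%% *}: ${SSH_ORIGINAL_COMMAND:-<shell>}"
    echo "backup-rsync: request refused" >&2
    exit 1
}

# sshd sets SSH_CONNECTION for every session it starts; run only then.
if [ -n "${SSH_CONNECTION:-}" ]; then main; fi
```

Because the module is read-only and the request is matched exactly, a copied key can neither open a shell nor write to the host; refused attempts show up in the auth log under the `backup-rsync` tag.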