Date: Wed, 6 Oct 2010 10:40:05 -0700
In-Reply-To: <4C9FC1EA.3070309@orlitzky.com>
Subject: Re: [gentoo-user] Finalizing my backup system
From: Grant
To: gentoo-user@lists.gentoo.org

>> I'm using backupninja to backup data from my laptop, desktop, and
>> remote server onto a remote desktop system. backupninja is very
>> simple and is really just an interface to a few other programs
>> including rdiff-backup. I'm not worried about a good restore method
>> for now, I want to focus on keeping it simple and protecting my data.
>> This is the first time I've set up a real backup system and I'd love
>> to get some advice from you guys. I've got a few questions.
>>
>> 1. This is the first time I've used passwordless SSH keys. root on
>> each system being backed up logs into the remote desktop as a normal
>> user to store the backups. Is this pretty safe? I suppose if root is
>> compromised on any of the three systems being backed up (via physical
>> access or otherwise), the remote desktop will also be compromised as a
>> normal user. Maybe that normal user should be extraordinarily
>> unprivileged?
>
> You can limit SSH access to only certain commands. On the remote desktop
> machine, you probably had to add an entry to the SSH authorized_keys
> file. You can prefix that line with the command that the user is allowed
> to run. For example (I use rdiff-backup too):
>
>  command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding
>  ssh-rsa

I tried both that and simplified versions of it but it seems to
prevent the login from working. It hangs on the following command,
which works if I don't add the above:

ssh -o PasswordAuthentication=no 1.2.3.4 -l user 'echo -n 1'

Should it be working? I noticed I have ssh-dss instead of your ssh-rsa.

- Grant
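
Added example, not part of the original message and not code from backupninja or rdiff-backup: a small audit of authorized_keys entries for the restrictions discussed in this thread. It reports whether a key is pinned to a forced command and carries no-pty and no-port-forwarding. The sample lines, key material and comments are constructed placeholders, and the function names are hypothetical.

```python
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
WANTED = ("no-pty", "no-port-forwarding")  # restrictions from the quoted example

# Constructed sample entries; "AAAAexamplekey" stands in for real key data.
SAMPLE = [
    'command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding '
    'ssh-rsa AAAAexamplekey root@laptop',
    'ssh-dss AAAAexamplekey root@desktop',
]

def split_unquoted(text, seps):
    """Split text at separator characters that sit outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if cur:
                parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    if cur:
        parts.append(cur)
    return parts

def parse_entry(line):
    """Return (options, key_type) for one line, or None for blanks/comments."""
    fields = split_unquoted(line.strip(), " \t")
    if not fields or fields[0].startswith("#"):
        return None
    options = {}
    if fields[0] not in KEY_TYPES:  # options come before the key type
        for opt in split_unquoted(fields[0], ","):
            name, _, value = opt.partition("=")
            options[name.lower()] = value.strip('"')
        fields = fields[1:]
    return options, (fields[0] if fields else None)

def audit(line):
    """List findings for one entry; an empty list means it is locked down."""
    entry = parse_entry(line)
    if entry is None:
        return []
    options, _ = entry
    findings = [] if "command" in options else ["no forced command"]
    return findings + [f"missing {w}" for w in WANTED if w not in options]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_entry(line)[1], audit(line) or "restricted")
```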