[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[rdiff-backup-users] Clarification of --restrict-update-only
From: |
John covici |
Subject: |
[rdiff-backup-users] Clarification of --restrict-update-only |
Date: |
Wed, 4 Feb 2009 13:52:32 -0500 |
Why don't you just have in your sshd config
PermitRootLogin without-password
and have a public key of your client in the
/root/.ssh/authorized_hosts on the server. I don't think the
restrict-update is very secure anyway, but this works well.
on Wednesday 02/04/2009 Chris G(address@hidden) wrote
> I'm using rdiff-backup to backup files across a LAN. The destination
> machine has a dedicated backup account which has passwordless ssh
> login set up for client machines that want to do backups.
>
> To make things a bit more secure I have added the following to my
> sshd_config on the destination/backup machine:-
>
> Match User=bak
> ForceCommand rdiff-backup --server
>
> So far so good. I can backup as required but it's not possible to
> login to the bak account using ssh. I'd like to lock it down a bit
> further by using the --restrict-update-only option so that if an
> intruder did gain access to a client machine they wouldn't be able to
> remove anything useful from the backups by deleting or overwriting.
>
> However I'm not quite clear how --restrict-update-only works, can I
> just do something like:-
>
> Match User=bak
> ForceCommand rdiff-backup --server --restrict-update-only /
>
> and thus prevent anything other than updates for *all* backups?
>
> --
> Chris Green
>
>
> _______________________________________________
> rdiff-backup-users mailing list at address@hidden
> http://lists.nongnu.org/mailman/listinfo/rdiff-backup-users
> Wiki URL: http://rdiff-backup.solutionsfirst.com.au/index.php/RdiffBackupWiki
--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?
John Covici
address@hidden
- [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/04
- [rdiff-backup-users] Clarification of --restrict-update-only,
John covici <=
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/04
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, John covici, 2009/02/04
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/04
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Jakob Unterwurzacher, 2009/02/04
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Dimi Paun, 2009/02/04
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Dominic, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Chris G, 2009/02/05
- Re: [rdiff-backup-users] Clarification of --restrict-update-only, Dominic, 2009/02/05