On 9/23/10 3:21 AM, IvyAlice wrote: > Hello Less Micksell, > > > > Thank you for your reply. > > I use the daemon rsyncd cause the security guy told me that this solution is > more secure than using rsync/ssh without password between the machines > (backuppc is installed on a real server used for other things, too)
I wouldn't agree with that, but the security weaknesses are different. With ssh keys, security depends entirely on protecting the private side of the key pair. Anyone who can be root or the backuppc user on the backuppc server can steal the identity file and get root access to the remote servers - and you should assume that anyone who has physical access to the server could do this, perhaps by booting a live cd to bypass its passwords. However, as long as the private key is protected, ssh sessions are fairly secure and the data over the network is encrypted. Perhaps your security guy misunderstood and thought you needed to remove the root password, which is not necessary when using ssh keys. Running rsyncd instead, you also have the issue of your passwords being stored in plain text on the server and the data being passed over the network without encryption - but you do have some control of which files can be accessed. It is also possible to make the ssh connection as a non-root user, then use sudo to become root with restrictions on the possible commands. I think the details for this are posted on the wiki somewhere, but basically if you permit restores you can pretty much do anything to the target machines anyway. > When I launch the command from the server to the host : > #rsync -av MyClient:backupETC > > #receiving incremental file list > #drwxr-xr-x 4096 2010/09/23 07:57:29 backupETC > #sent 12 bytes received 47 bytes 16.86 bytes/sec Add a trailing / to see the contents: rsync -av MyClient::backupETC/ -- Les Mikesell lesmikes...@gmail.com ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/