This one time, at band camp, Stephen Gran said: > This one time, at band camp, Bernard Blackham said: > > This lets the backup key *only* run rsync in server mode. I > > /believe/ this means that (short of finding a buffer overflow in > > rsync) logins with this ssh key will only be able to read files, and > > not be able to change anything. Though if anybody can find any flaws > > in this scheme, I'd like to know :) > > As is kind of obvious, if I can compromise that key, I can do > rsync -e ssh --delete /some/empty/dir [EMAIL PROTECTED]:/ > or something, which isn't very nice :)
Err, disregard - I just now noticed the --server _--sender_ part of it - no you should be fine, since that only allows pull jobs. Sorry about that, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
pgpuH1Rddv7wy.pgp
Description: PGP signature