Hello, I'm thinking of using rsync for backup purposes. Sadly, the server (alpha) hosting the files I'd like to backup does not allow ssh or rsync connections - but I may execute rsync as a cron job or cgi-script. But I run a server (beta - debian sarge), that may serve as the rsync server, therefore I'd thought, that alpha may call beta to back up his data by using rsync over ssh and ssh-keys. However, this requires alpha having a ssh-key. Furthermore I'm not in charge with alpha's security, thus I've to make sure, that a attacker, who gained access to alpha's ssh-key is not able to compromis beta (well, he might be able to delete / modify the backup'ed data, but this might be circumvented by regularly tar the backed up data). Thus my question is: How should I configure / secure beta to prevent this?
I thought of using a new sarge installation in vmware, but this will require a lot of ressources I'm unwilling to spend. I thought of an new sarge installation on Xen - but I don't none whether Xen is ready to be used in a hostile environment. I thought of a sarge installation in a chroot enviroment, but I don't know whether a "tight (tightend by grsecurity)" chroot would allow ssh / rsync to be called. I thought of just creating a user for that on beta and set appropiate permissions - but what kind of permission would be appropiate? What do you think? Greetz Thorsten. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]