On Sun, 6 May 2012, Ignacio Marambio Catán wrote:

> There is one other option. Use ssh public key authentication to bypass
> the whole PAM/role nonsense and restrict what the user can do with the
> command option. See sshd(8) in its AUTHORIZED_KEYS FILE FORMAT section.

That is what I do. For even more security, the key triggers running a script which runs rsync in server mode over ssh using an rsync.conf configuration file specific to this purpose. If someone were to gain access to the key, they could still only read data enabled to be read using the key.

I have been backing up multiple types of hosts with this strategy for four years now without a problem.

Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
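
The setup described in the message above, sketched as an added example that is not part of the original post and is not the poster's script. The script path, config path, module name and key comment are assumptions; the accepted string is the command an rsync client requests when it uses daemon mode over a remote shell (`rsync -e ssh host::module`).

```shell
#!/bin/sh
# Added example: forced-command gate for a backup-only ssh key.
#
# authorized_keys entry on the host being backed up (one line; key is a placeholder):
#   command="/usr/local/libexec/backup-gate.sh --serve",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER backup@collector
#
# Purpose-specific rsync daemon config (assumed path, see CONF below):
#   use chroot = no
#   [data]
#       path = /export/data
#       read only = yes
#       list = no

CONF=/etc/backup/rsyncd-backup.conf   # hypothetical location

# Decide whether the command the client asked for is the single thing
# this key may do. Prints "allow" or "deny:<reason>".
gate_decision() {
    case "$1" in
        "rsync --server --daemon .")
            echo "allow" ;;
        "")
            echo "deny:interactive login not permitted" ;;
        *)
            echo "deny:unexpected command" ;;
    esac
}

# Only act when sshd invokes the script through the command= option above.
if [ "${1:-}" = "--serve" ]; then
    decision=$(gate_decision "${SSH_ORIGINAL_COMMAND:-}")
    if [ "$decision" = "allow" ]; then
        # Ignore the client's argv entirely; the config file alone
        # determines which paths are readable with this key.
        exec rsync --config="$CONF" --server --daemon .
    fi
    # Record the refusal for later review, then drop the session.
    logger -p auth.warning -t backup-gate "$decision from ${SSH_CONNECTION:-unknown}"
    exit 1
fi
```

Because the gate never passes client-supplied arguments to rsync, the modules listed in the config file are the only data the key can reach.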