Re: utilisateur backup
Sam Vilain <[EMAIL PROTECTED]> writes: > Boris Daix <[EMAIL PROTECTED]> wrote: > >>- Can I safely give an SSH key to my backup user without any >> passphrase so that it could be automated via cron ? > > You can use `ssh-keygen -f single_action_key' to create a key for remote > execution of scripts. > > On the remote end, add this key to the `.ssh/authorized_keys' file. You > should add a forced command so that only one command may be executed with > that key. Good, really interesting ! > For rsync(1), you need to capture the exact switches of the rsync server > command. But I use rsync like a remote copy tool (scp), so do I need this ? If so, I need tips to better understand what follows... :-) > To do this, you can use this script on the destination server: > > #!/usr/bin/perl > open CAPTURE, ">$ENV{HOME}/capture.log"; > print CAPTURE "@ARGV\n"; > close CAPTURE; > > Then add --rsync-path=/path/to/script to your rsync command line. This > will leave something similar to the following in the destination > ~/capture.log: > > --server -vlgtpr --partial . yourhost > > So, you would use an authorized_keys entry like this (all one line): > > command="rsync --server -vlogDtpr --partial . > yourhost",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,1024 > 35 23...2334 Server backup key > > For more complete security, you could add a `chroot' jail to the above > command. Are jails useful with rsync used like scp ? >>- Is amanda appropriate for this task and would it be more secure >> to use it instead ? >>- If it is unsecure, how would I do such backups without having to >> enter passpgrase/passwd ? > > System backups are always an easy entry point, very often they contain > things like secret keys to encryption, etc that will allow a malicious > user to pretend to be the machine that they have access to the backups of. > Protect your backups carefully! Yes, I've crypted them via gpg :-) > -- >Sam Vilain, [EMAIL PROTECTED] WWW: http://sam.vilain.net/ > 7D74 2A09 B2D3 C30F F78E GPG: http://sam.vilain.net/sam.asc > 278A A425 30A9 05B5 2F13 > > Real Programmers don't write in Fortran. Fortran is for wimp > engineers who wear white socks. They get excited over finite state > analysis and nuclear reactor simulation. > many thanks -- Boris Daix "Feel free to be free, or not to be..." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: utilisateur backup
Boris Daix <[EMAIL PROTECTED]> wrote: >- Can I safely give an SSH key to my backup user without any > passphrase so that it could be automated via cron ? You can use `ssh-keygen -f single_action_key' to create a key for remote execution of scripts. On the remote end, add this key to the `.ssh/authorized_keys' file. You should add a forced command so that only one command may be executed with that key. For rsync(1), you need to capture the exact switches of the rsync server command. To do this, you can use this script on the destination server: #!/usr/bin/perl open CAPTURE, ">$ENV{HOME}/capture.log"; print CAPTURE "@ARGV\n"; close CAPTURE; Then add --rsync-path=/path/to/script to your rsync command line. This will leave something similar to the following in the destination ~/capture.log: --server -vlgtpr --partial . yourhost So, you would use an authorized_keys entry like this (all one line): command="rsync --server -vlogDtpr --partial . yourhost",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,1024 35 23...2334 Server backup key For more complete security, you could add a `chroot' jail to the above command. >- Is amanda appropriate for this task and would it be more secure > to use it instead ? >- If it is unsecure, how would I do such backups without having to > enter passpgrase/passwd ? System backups are always an easy entry point, very often they contain things like secret keys to encryption, etc that will allow a malicious user to pretend to be the machine that they have access to the backups of. Protect your backups carefully! -- Sam Vilain, [EMAIL PROTECTED] WWW: http://sam.vilain.net/ 7D74 2A09 B2D3 C30F F78E GPG: http://sam.vilain.net/sam.asc 278A A425 30A9 05B5 2F13 Real Programmers don't write in Fortran. Fortran is for wimp engineers who wear white socks. They get excited over finite state analysis and nuclear reactor simulation. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: utilisateur backup
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: [...] > So the worst that can happen if the key gets compromised is that the > attacker can trigger a backup of your system. Conceivably this could be > a DoS, at worst. But it's a very common setup. In fact, the standard > method of mirroring Debian involves exactly this type of configuration. What I wonder is how far the backup user can read (or, worst, even write) to local fs. If it's just able to look at some /home and /var dirs, and can write only to /var/backups, it would be enough and I'll be quite confident. But at this time I don't know how to know this. >> >- Is amanda appropriate for this task and would it be more secure >> > to use it instead ? >> >> I am using it to backup a bunch of maschines on one tape also using >> cron. I found it easy to configure and am quite satisfied. You can even >> configure Amanda in a way that it only transfers changes. On the other >> hand, Amanda is meant to dump backups on tapes. I cant tell you if there >> is an easy way to reconfigure it. > > Amanda has no security. It does not encrypt any of the data going out > over the network. I doesn't support strong host authentication. It > can't be tunnelled over ssh. Tunnelling rdump over ssh is way more > secure than amanda. Running amanda over an IPsec link is a good > approach, and what I use to backup most of my servers. I don't know IPsec - but I'm too ashame to ask for what it implies :-)) I'll look for it, but as I won't use amanda ('cause no tape), backup user may be better if I find what it has access to. >> Amanda provides some sort of restricted host access. But I cant tell, if >> it would retain a determined attacker. > > It supports .amandahosts. It's similar to .rhosts. It can also do > kerberos, but most people don't have a kerberos infrastructure. > > noah > > -- > ___ > | Web: http://web.morgul.net/~frodo/ > | PGP Public Key: http://web.morgul.net/~frodo/mail.html Thanks -- Boris Daix "Feel free to be free, or not to be..." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: utilisateur backup
Mathias Palm <[EMAIL PROTECTED]> writes: [...] > I am using it to backup a bunch of maschines on one tape also using > cron. I found it easy to configure and am quite satisfied. You can even > configure Amanda in a way that it only transfers changes. On the other > hand, Amanda is meant to dump backups on tapes. I cant tell you if there > is an easy way to reconfigure it. No tape device here. >>- If it is unsecure, how would I do such backups without having to >> enter passpgrase/passwd ? >> > > What sort of security do you want? Do you want your backups be > encrypted? Amanda can't do that, to my knowledge. I'd like network transfers to be inexploitable by other parts : only admins of both machines should be able to get in backups (that implies file permissions locally, and encrypted communication between stations). > Amanda provides some sort of restricted host access. But I cant tell, if > it would retain a determined attacker. > > Otherwise I have not heart of exploits of amanda yet. Lets hope we won't. >> Thanks a lot Again :-) [...] -- Boris Daix "Feel free to be free, or not to be..." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: utilisateur backup
On Fri, Jul 19, 2002 at 03:58:18PM +0200, Mathias Palm wrote: > >- Can I safely give an SSH key to my backup user without any > > passphrase so that it could be automated via cron ? > > I'd say, the security is that of your original account then. Say there > are the computers A and B, where A:backup has got access to B:backup by > a phraseless ssh-key. You can log on to account A:backup and ssh to > B:backup because of the phraseless key, therefor the maximum of the > security you can achive is the security of account A:backup. Uhh, no. You need to read the docs for sshd. See, in particular, the following: command="command" Specifies that the command is executed whenever this key is used for authentication. The command supplied by the user (if any) is ignored. The command is run on a pty if the client requests a pty; otherwise it is run without a tty. If a 8-bit clean channel is required, one must not request a pty or should specify no-pty. A quote may be included in the command by quoting it with a backĀ slash. This option might be useful to restrict certain RSA keys to perform just a specific operation. An example might be a key that permits remote backups but nothing else. Note that the client may specify TCP/IP and/or X11 forwarding unless they are explicitly prohibited. Note that this option applies to shell, command or subsystem execution. So the worst that can happen if the key gets compromised is that the attacker can trigger a backup of your system. Conceivably this could be a DoS, at worst. But it's a very common setup. In fact, the standard method of mirroring Debian involves exactly this type of configuration. > >- Is amanda appropriate for this task and would it be more secure > > to use it instead ? > > I am using it to backup a bunch of maschines on one tape also using > cron. I found it easy to configure and am quite satisfied. You can even > configure Amanda in a way that it only transfers changes. On the other > hand, Amanda is meant to dump backups on tapes. I cant tell you if there > is an easy way to reconfigure it. Amanda has no security. It does not encrypt any of the data going out over the network. I doesn't support strong host authentication. It can't be tunnelled over ssh. Tunnelling rdump over ssh is way more secure than amanda. Running amanda over an IPsec link is a good approach, and what I use to backup most of my servers. > Amanda provides some sort of restricted host access. But I cant tell, if > it would retain a determined attacker. It supports .amandahosts. It's similar to .rhosts. It can also do kerberos, but most people don't have a kerberos infrastructure. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgp3lZ5wN680J.pgp Description: PGP signature
Re: utilisateur backup
On Fri, Jul 19, 2002 at 11:53:58AM +0200, Boris Daix wrote: > Hi all, > >I'd like to make backup via cron and I saw there were a user > named "backup" in passwd file. My problem is that the backups should > travel via LAN to another machine (running Woody too), so that > they backup eachother in fact. I'd like to use rsync to transfer only > changes, with SSH to increase security, but my question is : > >- Can I safely give an SSH key to my backup user without any > passphrase so that it could be automated via cron ? I'd say, the security is that of your original account then. Say there are the computers A and B, where A:backup has got access to B:backup by a phraseless ssh-key. You can log on to account A:backup and ssh to B:backup because of the phraseless key, therefor the maximum of the security you can achive is the security of account A:backup. >- Is amanda appropriate for this task and would it be more secure > to use it instead ? I am using it to backup a bunch of maschines on one tape also using cron. I found it easy to configure and am quite satisfied. You can even configure Amanda in a way that it only transfers changes. On the other hand, Amanda is meant to dump backups on tapes. I cant tell you if there is an easy way to reconfigure it. >- If it is unsecure, how would I do such backups without having to > enter passpgrase/passwd ? > What sort of security do you want? Do you want your backups be encrypted? Amanda can't do that, to my knowledge. Amanda provides some sort of restricted host access. But I cant tell, if it would retain a determined attacker. Otherwise I have not heart of exploits of amanda yet. > Thanks a lot > > -- > Boris Daix > > "Feel free to be free, or not to be..." > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: utilisateur backup
Ok, take a look here: http://freshmeat.net/projects/hdup/?topic_id=42%2C137 (http://www.miek.nl/projects/hdup/hdup.shtml) I've been using it for quite some time now to transfer backups secure and encrypted. Take a look. - Wouter [On 19 Jul, 2002, Boris Daix wrote in "utilisateur backup ..."] > Hi all, > >I'd like to make backup via cron and I saw there were a user > named "backup" in passwd file. My problem is that the backups should > travel via LAN to another machine (running Woody too), so that > they backup eachother in fact. I'd like to use rsync to transfer only > changes, with SSH to increase security, but my question is : > >- Can I safely give an SSH key to my backup user without any > passphrase so that it could be automated via cron ? >- Is amanda appropriate for this task and would it be more secure > to use it instead ? >- If it is unsecure, how would I do such backups without having to > enter passpgrase/passwd ? > > Thanks a lot > > -- > Boris Daix > > "Feel free to be free, or not to be..." > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- ~~~ Wouter van Gils -=- [EMAIL PROTECTED] http://the-construct.cx/ ~~~ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
utilisateur backup
Hi all, I'd like to make backup via cron and I saw there were a user named "backup" in passwd file. My problem is that the backups should travel via LAN to another machine (running Woody too), so that they backup eachother in fact. I'd like to use rsync to transfer only changes, with SSH to increase security, but my question is : - Can I safely give an SSH key to my backup user without any passphrase so that it could be automated via cron ? - Is amanda appropriate for this task and would it be more secure to use it instead ? - If it is unsecure, how would I do such backups without having to enter passpgrase/passwd ? Thanks a lot -- Boris Daix "Feel free to be free, or not to be..." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]