While I won't argue that it's the best solution, that's essentially
what we do.
For backup purposes we create a file on Node1 using a root cron
job. It gets placed in ~backupuser and ownership of the file is set
to that user. Node2 connects via a cron job executing as its own
backupuser and pulls the file across via scp with pub key authentication.
From there it's to tape. The backup user on both (all really) nodes
is locked. Unlike some others, possibly, we don't have shell users
other than two people who have the role of sysadmins (and access to
root privs anyway). chroot is one way to help improve any
potential/necessary shell access by the accounts.
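The staging and pull steps described in the message above, sketched as an added shell example that is not part of the original post. The account name backupuser comes from the message; the function names, the file name backup.tar.gz and all arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, paths and the archive
# name are hypothetical; only "backupuser" and the workflow follow the message.

# Node1, root cron job: archive SRC into DROP as backup.tar.gz, readable only
# by OWNER. The archive is built under a temporary name and renamed into
# place, so a pull that runs mid-backup never fetches a partial file.
stage_backup() {
    src=$1; drop=$2; owner=$3
    (
        umask 077    # no group/other access, even while the file is being written
        tmp=$(mktemp "$drop/.backup.XXXXXX") || exit 1
        if tar -czf "$tmp" -C "$src" . &&
           chown "$owner" "$tmp" &&
           chmod 0400 "$tmp" &&
           mv -f "$tmp" "$drop/backup.tar.gz"
        then
            exit 0
        fi
        rm -f "$tmp"    # leave nothing behind on failure
        exit 1
    )
}

# Succeeds only if FILE is a regular file owned by OWNER with mode exactly 0400.
drop_is_private() {
    [ -n "$(find "$1" -maxdepth 0 -type f -user "$2" -perm 400 2>/dev/null)" ]
}

# Node2, cron job running as its own backup user: pull the file over scp with
# a dedicated key. BatchMode makes scp fail instead of prompting for a
# password, which is what an unattended job against a locked account needs.
pull_backup() {
    host=$1; key=$2; dest=$3
    scp -q -i "$key" -o BatchMode=yes -o IdentitiesOnly=yes \
        "backupuser@$host:backup.tar.gz" "$dest"
}
```

On Node1 the root cron entry would call `stage_backup` with the data directory, the home directory of backupuser and the account name; `drop_is_private` can run afterwards as a check that the ownership and mode are what the pull side expects.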
Date: 2002-Oct-09 01:34pm NST
From: Johan De Meersman [EMAIL PROTECTED]
Subject: Re: Is SSH worth it??
Not to be annoying, but I don't think it's ever a good idea to allow
root ssh to any machine :) Set up a low-permissions user, and use that,
or better yet, use something that allows a shell-less user for your data
transfers. Perhaps there's a good reason, but one of the things I find
annoying in ssh is that scp requires a valid shell for the destination
user - dunno if the same is true for sftp.