rdiff-backup-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted

From: dean gaudet
Subject: Re: [rdiff-backup-users] SECURITY: Not all file ops accessed via vetted RPath objects? Also a path prefixing patch
Date: Tue, 16 Aug 2005 23:30:41 -0700 (PDT) 
On Tue, 16 Aug 2005, Charles Duffy wrote:

> > http://arctic.org/~dean/rdiff-backup/unattended.html
> 
> Not workable in my situation:
> 
> - The instructions from the page in question require work to be done on
> a per-server basis. I need to support tens to hundreds (and possibly
> someday thousands) of servers with minimal administrative overhead.

that's my bad really -- you actually only need a single special backup 
key... and you can clone the /root/.ssh/authorized_keys2 file everywhere 
with that one key.

but you couldn't as easily use the .ssh/config hack i'm using there for 
specifying the identityfile for hundreds of hosts... what you'd want to do 
is something like this for each "fishie":

        rdiff-backup --remote-schema 'ssh -C -i .ssh/backup_key %s rdiff-backup 
--server' fishie::/ /backup/fishie

i'm not sure why i went with a different key per server...

heck you don't even need the special key, the default key for the
backup user could be used... it's just that if you did this then you'd
have extra hassle when you want to restore.

restoring is another detail my page doesn't go into... for that it's great
to have a key dedicated for restore purposes -- but i really don't like
having those in my .ssh/authorized_keys2 files by default... i prefer
to add them manually when i'm actually doing a restore.

i guess i should revamp the directions sometime :)

-dean
reply via email to
[Prev in Thread] Current Thread [Next in Thread]