How can I restrict incoming root rsync over ssh to specified command?

02-04-2004
mjcsfo

I'm trying to set up a centralized backup server on RHEL 3.0, which will use rsync over ssh to pull certain directories from the ssh server/rsync source to the ssh client/rsync destination. Here's an example of the command, in a script run via cron as root:

rsync --rsh="ssh -i /root/.ssh/rsync-id_rsa" \
-avR --stats --delete --max-delete=100 \
$HOST:/etc/ $CURR_DIR

$HOST would be static but $CURR_DIR would vary on each call - it basically contains a path containing the date and time, such as:

HOST=myserver
CURR_DIR=/var/spool/backups/$HOST/2004-02-04.18

for a backup run on Feb 4, 2004 at 6pm.

I've set up a non-password protected private key as noted above to allow non-interactive complete access to all files I want to back up. I'm currently using "PermitRootLogin without-password" in sshd_config and the from="myclient", no-port-forwarding, no-X11-forwarding, no-agent-forwarding, no-pty options in authorized_keys to restrict how this key can be used. But this method would allow anyone who managed to obtain the private key non-password protected root access to all servers which are being backed up with this approach - hopefully without a terminal, but I don't know what risks there are in this technique.

I was hoping to use the command="command" option, but from the description in the man pages it seems like this wouldn't work, since it seems like the command must be static, any command I send is ignored, and I'm not sure of which command I'd run on the other end to implement the rsync technique I want to do in any case.

I did think potentially the remote command could use environment variables which I could set remotely via "PermitUserEnvironment yes" in sshd_config, hopefully thereby allowing the remote command to be static, but I don't see how this would work with rsync using ssh as an underlying transport.

Questions:
1. Does anyone think that the technique I'm using today is simply too insecure? Even with the server locked up in a room with no user access and running no daemons?

2. Is there a way to implement what I'm trying to do with rsync using some variant of the command="" option to prevent any other use of this non-password protected key?

Thanks in advance!

Mike

P.S. Please, no spam even though I'm posting through Google and can't hide my email address!
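
One way to do what question 2 asks, as an added example that is not part of the original post: a static command="" wrapper on the backed-up host that reads the client's request from SSH_ORIGINAL_COMMAND and runs it only when it is a read-only rsync server invocation for an allowed path. The wrapper path, the rsync binary path, the function name allowed_request and the two allowlist variables are assumptions made for illustration.

```shell
#!/bin/sh
# Forced-command wrapper for a pull-only rsync backup key (added example).
# Assumed install path /usr/local/sbin/rsync-pull-only on the backed-up host,
# named in root's authorized_keys in front of the options already in use:
#   command="/usr/local/sbin/rsync-pull-only",from="myclient",no-pty ssh-rsa <public key>
# sshd runs this script for every login with that key and puts the command
# the client asked for in SSH_ORIGINAL_COMMAND.

ALLOWED_PATHS="/etc/"      # source paths this key may read (space-separated)
ALLOWED_LONG_OPTS=""       # extra long options to accept, e.g. "--stats"
RSYNC=/usr/bin/rsync       # assumed location of the rsync binary

# allowed_request REQUEST: succeed only for
#   rsync --server --sender <options> . <allowed path>
# The body is a subshell, so set -f and exit stay local to the check.
allowed_request() (
    set -f                 # no glob expansion while splitting
    set -- $1              # split the request on whitespace
    [ "$#" -ge 5 ] || exit 1
    # --sender means this host only sends files, it is never written to.
    [ "$1 $2 $3" = "rsync --server --sender" ] || exit 1
    shift 3
    while [ "$#" -gt 2 ]; do
        case $1 in
            --*) case " $ALLOWED_LONG_OPTS " in
                     *" $1 "*) ;;
                     *) exit 1 ;;   # e.g. --remove-source-files
                 esac ;;
            -*[!A-Za-z0-9.]*) exit 1 ;;
            -?*) ;;                 # short flag bundle such as -vlogDtpRr
            *) exit 1 ;;
        esac
        shift
    done
    [ "$1" = . ] || exit 1          # placeholder rsync puts before the path
    case " $ALLOWED_PATHS " in *" $2 "*) exit 0 ;; esac
    exit 1
)

# Act only when sshd supplied a request; a bare login runs nothing and ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_request "$SSH_ORIGINAL_COMMAND"; then
        set -f; set -- $SSH_ORIGINAL_COMMAND; shift
        exec "$RSYNC" "$@"          # argv passed directly, no shell parsing
    fi
    logger -t rsync-pull-only "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

Rejected requests go to syslog via logger, which shows the exact server command line your rsync version sends so the allowlists can be adjusted.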