On 02/13/2012 06:36 PM, Paul E Condon wrote: > I am researching ways of setting up an automatic backup of > my several local hosts (read computers in ancient UNIX parlance). > > My research has not been exhaustive, but it seems that the backup > packages that offer backup of one host by another host all involve > creating a special ssh password for the purpose that is not encripted > and therefore does not need to be decripted for use. Advice varies as > to how dangerous this is for security, but there is universal > consensus that caution should be exercised. > > I have discovered an alternative to a passwordless private ssh key in > the Debian package repository. (Not a great feat for a normal Debian > user, but I am specially challenged.) The package in question is > 'sshpass'. It allows one to write a script that feeds a password to > the system that needs on. And, of course, the password is hidden > somewhere on the using host in ways that can be questioned. > > I want to hear expressions of opinion as to the relative merits of > having a password hidden somewhere vs. simply having no password on > the private ssh key. I know there is risk in both and both ways have > risks, but has anyone compared to two approaches and then decided to > go one way or the other based on something more than a gut feeling? If > so, what did you decide, and what were the risk factors that were > important to you? > > If any of you feel that your position on this issue in not an opinion, > but a fact that is beyond argument, your response is also welcome. > > TIA >
I would simply use a passwordless ssh-key with a wrapper on the remote side which allows to run only the backup command . something like that : http://www.hackinglinuxexposed.com/articles/20030115.html Best regards , Alex -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f394b4d.9090...@biotec.tu-dresden.de
