On Thursday, August 18, 2011 06:01:08 PM Grant wrote:
> >> >> > You can separate the backups by giving each system a
> >> >> > different account where to store the backups.
> >> >>
> >> >> I'm not sure what you mean. The backups are all stored on the
> >> >> backup server.
> >> >
> >> > Each machine to be backed up has a different account on the backup
> >> > server. This will prevent machine A from accessing the backups of
> >> > machine B.
> >> >
> >> > This way, if one machine is compromised, only this machine's
> >> > backups can be accessed using the access-keys for the backup. And
> >> > this machine's keys can then be revoked without affecting other
> >> > backups.
> >>
> >> That's a great idea. I will do that. Should that backup account have
> >> any special configuration, or just a standard new user?
> >
> > I would suspect just a standard new user with default permissions.
> > E.g. only write-access to his/her own files.
> >
> > And I'd prevent that user account from being able to get a
> > shell-account.
>
> I created the backup users and everything works as long as the backup
> users have shells on the backup server and are listed in AllowUsers in
> /etc/ssh/sshd_config on the backup server. Did I do something wrong
> or should the backup users need shells and to be listed in AllowUsers?

I'm not too familiar with rsync backups. A shell might be required, but if
you set the command run on the server-side in the "authorized_keys" it
should prevent any other command from being run.

> Should I set up any extra restrictions for them in sshd_config?

I have disabled all password-logins and only allow shared-key logins.

> Should I set passwords for them?

I don't set passwords for these types of users. By default, they cannot
login with any password that way. Setting a password will leave the
possibility open that someone might randomly guess the password.

--
Joost
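
The server-side command restriction in "authorized_keys" mentioned in the reply above, as an added example that is not part of the original thread: a forced-command wrapper that lets a backup key run only the rsync server in receive mode. The script path, the account and directory names and the key are placeholders, and the push-only policy is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command wrapper for one backup
# account on the backup server. Assumed install path, hypothetical:
#   /usr/local/bin/backup-only.sh
#
# Line in that account's ~/.ssh/authorized_keys (key is a placeholder):
#   command="/usr/local/bin/backup-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...PLACEHOLDER hostA-backup
#
# sshd starts the forced command through the account's login shell, so the
# account keeps a valid shell; the wrapper decides what actually runs.

# Return 0 only for an rsync server invocation that receives data (push).
# Assumption: clients only push backups, so "--sender" (read-back) is refused.
is_allowed_backup_cmd() {
    cmd=$1
    case $cmd in
        *[\;\&\|\<\>\(\)\$\`]*) return 1 ;;      # shell metacharacters
        "rsync --server --sender "*) return 1 ;;  # pull of stored backups
        "rsync --server "*) return 0 ;;           # push from the client
    esac
    return 1
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
# If it is empty (interactive login attempt), fall through and exit: no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_backup_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no glob expansion while splitting
        exec $SSH_ORIGINAL_COMMAND   # unquoted on purpose: argv split, no re-parse
    fi
    echo "backup-only: command not permitted" >&2
    exit 1
fi
```

With this policy a restore needs a separate key that is allowed to read the stored backups. rsync also ships a helper script, rrsync, that confines a key to one directory in a similar way.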