Hi, thanks for your response.
Untrusted clients: the backup clients (computers being backed up) are untrusted in the sense that they are considered to be malicious actors trying to compromise the OpenBSD server, trying to get remote access to the OpenBSD server, beyond the limited backup they are authorised to do.

Access code: In the example setup I gave (ssh + rrsync + rsnapshot), the access code would be the ssh code. I used the term "access code" in case someone had a suggestion for another setup, not using ssh. For example another suggestion might be that I run an https web service.

> How exactly do you expect it to be 'robust against an adversary in possession
> of the access codes'?

Well, that's the point about scripts like rrsync for example: giving ssh access to someone, but restricting the actions they can take. I am trying to see if there are other solutions I should consider.

> could be a lot clearer about exactly what this setup is intended to do

I want to give the client the ability to back up their files, but not do anything else on the computer, and protect myself against their attempts to compromise the machines. These would be the considerations a commercial backup service would have.

Thanks

> On 13 Jan 2026, at 01:23, Crystal Kolipe <[email protected]> wrote:
>
>> I am looking to implement an OpenBSD server as a backup server.
>>
>> Critically, it will provide backup to untrusted clients, so I need the setup
>> to be robust against an adversary in possession of the access codes.
>
> To give any meaningful opinion on this, it would help if you could be a lot
> clearer about exactly what this setup is intended to do.
>
> For example, what does 'untrusted clients' mean in this context?
>
> How exactly do you expect it to be 'robust against an adversary in possession
> of the access codes'?
>
> What 'access codes'?
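An added example, not part of the thread: a Python check that a backup client's `authorized_keys` entry carries `restrict` and a forced rrsync command, which is the ssh + rrsync restriction the message above refers to. The rrsync path, backup directories and key blobs are constructed placeholders, and the function names are hypothetical.

```python
import re

# Key-type prefixes: a line starting with one of these has no options field.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# Options that undo part of what 'restrict' disables (see sshd(8)).
REENABLE = ("pty", "port-forwarding", "agent-forwarding", "x11-forwarding", "user-rc")

def split_options(line):
    """Return (options, rest) for one authorized_keys line, honouring quotes."""
    if line.startswith(KEY_TYPES):
        return [], line
    opts, cur, in_q, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_q and line[i + 1:i + 2] == '"':
            cur += '\\"'          # escaped quote inside a quoted value
            i += 2
            continue
        if c == '"':
            in_q = not in_q
        elif c == "," and not in_q:
            opts.append(cur)
            cur = ""
            i += 1
            continue
        elif c in " \t" and not in_q:
            break                 # end of the options field
        cur += c
        i += 1
    opts.append(cur)
    return opts, line[i:].strip()

def audit(line):
    """List the ways an entry falls short of 'rrsync only, nothing else'."""
    opts, _ = split_options(line.strip())
    names = {o.split("=", 1)[0].lower(): o for o in opts}
    problems = []
    if "restrict" not in names:
        problems.append("missing restrict")
    if not re.match(r'command="\S*rrsync\s+.+"$', names.get("command", "")):
        problems.append("no forced rrsync command")
    problems += [f"re-enables {o}" for o in REENABLE if o in names]
    return problems

# Constructed sample entries (placeholder key material, assumed rrsync path).
GOOD = 'restrict,command="/usr/local/bin/rrsync -wo /backup/client1" ssh-ed25519 AAAAPLACEHOLDER client1'
BARE = 'ssh-ed25519 AAAAPLACEHOLDER client2'
LOOSE = 'restrict,pty,command="/usr/local/bin/rrsync /backup/client3" ssh-ed25519 AAAAPLACEHOLDER client3'
```

This checks only the key options; it does not verify that the directory given to rrsync is the one intended for that client.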

