Hello all, I'm currently setting up a remote backup solution based on rdiff-backup. Basically, each computer to be backed up regularly connects to the centralized backup server, and sends the modifications. This is done in a crontab.
On the backup server, there is one user per backed-up machine. Each machine stores its files up in the HOME directory of its associated user. Now, as this is a fully automated process, I cannot enter a password, so I naturaly though about using a passwordless SSH keys. (I suppose the passwordlessness of the key could arguably be a security issue, and I'd be happy to know about other possible solutions, if any.) I first thought about generating a specific key for that purpose. I then realized each of these hosts already had one, which is generated during the first boot. I finally decided to implement my system using /etc/ssh/ssh_host_rsa_key as the private key used to authenticate to the backup server. This file is only readable by root, but as cron runs as root, that should be no problem (not tested yet, I'm currently setting everything up). I'm wondering, however, if there were any security risks introduced by specifically using the host key instead of one generated specifically for that purpose and, if so, what they were. Thanks for you insight (: -- Olivier Mehani <sht...@ssji.net> PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
