
My current task is to set up a (remote) backup (using rsync/rsnapshot) over SFTP of /home (Linux). Obviously some files are read-only for the owner (i.e. -r--------; and should stay that way), so I guess I'll need the root user to back up those files. Setting up an rsync daemon also seems too insecure to me.

However, I do hesitate to use an SSH key for that purpose due to security concerns (if the backup server gets owned, the attacker will have direct shells to other servers). I was thinking of creating a backup user with chroot SFTP (as suggested in "Chroot SFTP - Possible to allow user to write to current (chroot) directory"), but I guess I'd cripple my root user as I would lose shell access :(.

What setup would you suggest?

ropchain
  • It depends on how you want to use the most way. I could think about a scenario where you could use a single user for each user with its own key, and then copy via cronjob on the main server to the correct destination – djdomi Feb 09 '23 at 19:55
  • That would work technically, however this solution would not scale (i.e. create a lot of manual effort and maintenance) as I'd have lots of keys and lots of crontab edits – ropchain Feb 10 '23 at 12:53
  • Well, on one site you will need to have a root shell. On the other side, you can have just one user for all on different subdirectories. – djdomi Feb 13 '23 at 12:45
  • Does this answer your question? [Limited SSH access for log retrieval](https://serverfault.com/questions/507878/limited-ssh-access-for-log-retrieval) – djdomi Feb 13 '23 at 12:46
