secure remote backups
mike wolman
mike@nux.co.uk
Wed, 21 Nov 2001 14:41:15 +0000 (GMT)
Hi Ben,
I have tried your suggestion however when i try to
ssh and su i get the following problem from
su: standard in must be a tty
I have had a hunt for anybody else trying to run su
from ssh but have not found a solution.
Thanks again for your suggestion,
Mike.
On Mon, 19 Nov 2001, Ben Escoto wrote:
> >>>>> "MW" == mike wolman <mike@nux.co.uk>
> >>>>> wrote the following on Tue, 20 Nov 2001 00:23:16 +0000 (GMT)
>
> MW> Hi, Is it possible to use rdiff to first log in to a machine as
> MW> a normal user then su before performing the backup thus
> MW> preventing root from sshing into the remote machine directly?
>
> Yes, kind of, but this won't eliminate the security risks, so the
> primary purpose would probably be to run it on a machine not allowing
> root ssh connections.
>
> rdiff-backup usually opens a connection to a remote host by
> executing "ssh user@host rdiff-backup --server", but you can control
> this using the --remote-schema option. Instead of running
> rdiff-backup directory on the remote side, you could instead run a
> script that was either suid, or ran su itself, and then ran
> rdiff-backup.
>
> For instance:
>
> rdiff-backup --remote-schema "ssh %s su root -c 'rdiff-backup
> --server'" foo user@remote.host::bar
>
> Will log into remote.host as user, but then ssh will immediately use
> su to run 'rdiff-backup --server' as root. (Assuming I didn't mess up
> the quoting.)
>
> The problem for security is that however you log into the remote
> machine, the rdiff-backup server is running as root (assuming you want
> to preserve file ownership), so a malicious user on the local machine
> could tell the server to do bad things.
>
>
> --
> Ben Escoto
>
>