RestrictOptions
From RdiffBackupWiki
Dean Gaudet has already written a nice overview at http://arctic.org/%7Edean/rdiff-backup/unattended.html about securing unattended rdiff-backup sessions with ssh. The following adds a bit about the --restrict option to his page. So if you haven't read his page yet, go there and read that first (if anyone wants to copy his page into the wiki above, go ahead, but try to get his permission first).
Dean's instructions prevent the passphrase-free ssh key from running anything except rdiff-backup on primary. However, they would not prevent an attacker who had gained access to mirror from using rdiff-backup itself to overwrite important files on primary: a plain rdiff-backup --server serves write requests as readily as read requests, so whoever holds the key on mirror could, for example, run a restore onto primary.
Thus, for added security, we can add a --restrict option to the forced command, i.e. inside the command="..." field of the authorized_keys entry on primary. For instance, the command
rdiff-backup --server --restrict-read-only /
would cause the rdiff-backup server to reject any write request while still allowing reads anywhere under /. The other variants are --restrict <path>, which allows reads and writes but only under path, and --restrict-update-only <path>, which additionally permits writes only as part of a backup into an rdiff-backup repository under path (the right choice when the key is used to push backups onto the host rather than to pull from it). See the rdiff-backup manual page for more information on the various --restrict options.
If you choose to add a --restrict option on the primary-backup side, you must also tell the other side to run the server with those very options, lest it be rejected by ssh: the server command inside --remote-schema should match the forced command exactly. (sshd runs a command= forced command no matter what the client asks for and passes the client's request in SSH_ORIGINAL_COMMAND; a setup that validates SSH_ORIGINAL_COMMAND refuses a mismatch outright, and even a bare forced command never runs anything less restricted than what you forced.) In the above example, our cronjob might become:
# Schedule fields assumed: the page shows only "1 1 *", five are needed, so this runs daily at 01:01.
# In a crontab a literal % must be written \% (cron otherwise turns it into a newline), and the
# command must stay on one line, since cron does not honour backslash line continuation.
1 1 * * * rdiff-backup --remote-schema 'ssh -C \%s rdiff-backup --server --restrict-read-only /' primary-backup::/ /my/backup/directory
-- Ben Escoto
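The two halves of that setup, as an added example that is not part of this page or of rdiff-backup itself: a shell snippet that emits the forced-command authorized_keys line for primary, the matching --remote-schema value for mirror, and the exact-match check a wrapper script can run on SSH_ORIGINAL_COMMAND so that any other request is refused instead of silently replaced. The host name mirror.example.org, the key placeholder and the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the rdiff-backup wiki or project.
# Assumptions: restricted path "/", mirror host mirror.example.org,
# and a placeholder in place of real public-key material.

RESTRICT_PATH="/"
SERVER_CMD="rdiff-backup --server --restrict-read-only $RESTRICT_PATH"

# authorized_keys entry for primary: the forced command plus the usual
# lock-down options, bound to the mirror's address.
# $1 = from= pattern, $2 = public key (placeholder here).
authorized_keys_line() {
    printf 'command="%s",from="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$SERVER_CMD" "$1" "$2"
}

# Value for --remote-schema on the mirror. rdiff-backup substitutes the host
# name for %s; the rest must name exactly the server command primary forces.
remote_schema() {
    printf 'ssh -C %%s %s\n' "$SERVER_CMD"
}

# Exact-match check of what the client asked for (sshd exports it as
# SSH_ORIGINAL_COMMAND whenever a forced command runs). Returns 0 only for
# the restricted server invocation, so a bare "rdiff-backup --server" or
# anything with extra shell syntax appended is refused.
validate_client_command() {
    [ "$1" = "$SERVER_CMD" ]
}

# Wrapper to point command= at when a mismatch should be refused rather than
# replaced, e.g. command="/usr/local/bin/rdiff-backup-wrapper",... (assumed path).
forced_command_wrapper() {
    if validate_client_command "${SSH_ORIGINAL_COMMAND-}"; then
        exec $SERVER_CMD      # unquoted on purpose: one argv word per option
    fi
    echo "refused: ${SSH_ORIGINAL_COMMAND-<none>}" >&2
    return 1
}

# Demonstration output; the key is a constructed placeholder, not a real key.
authorized_keys_line "mirror.example.org" "ssh-ed25519 PLACEHOLDER_KEY_DATA"
remote_schema
```

The check is deliberately a whole-string comparison rather than a prefix or pattern match: the point of the forced command is that the client gets exactly one invocation, and anything appended to it (another option, a different --restrict path, a shell metacharacter) is a different command and must fail.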
(I changed the link a wee bit so that it would work when "wiki'd". %E7 stands for tilde. -- WikiWorld:RobinLaurén)
