[PLUG] Best Practice for a Non-Best Practice task....

Terry Griffin griffint at pobox.com
Sat May 10 20:37:20 UTC 2008


On Saturday 10 May 2008 12:43 pm, Sean Whitney wrote:
> I want to start backing up our remote servers using dirvish with SSH.
> This however requires that I allow remote root login through ssh.
>
> I'm trying to figure out the best way of doing this.
>
>
> In /etc/sshd_config I need to set
> PermitRootLogin yes
>
> But is there a way to require root (and only root) to require ssh key
> exchange and not allow remote password login?
>
>

I took a different approach but it requires some extra disk space on the
machine being backed up. I do a two-stage backup. In the first stage a cron
job running as root on the host being backed up backs itself up into tar
files in a dedicated local area for backups. Permissions for the tar files
are set such that user "backup" has read access. In stage two a cron job on a
remote host logs in via ssh using keys (rsync via ssh actually) as
user "backup" and mirrors the tar files. The backup user does not have a
password. You could also have the first host push the tar files to a
non-root account on another host, as long as the second host is not behind
a NAT'ing firewall or something.

Terry
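
The two-stage scheme described in the reply above, sketched as shell functions. This is an added example, not part of the original post. The function names, the paths, the `.tmp` suffix and the use of a group named "backup" to grant read access are all assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Names and paths are assumptions.

# Stage one: called from root's crontab on the host being backed up.
# Usage: stage_one SOURCE_DIR STAGING_DIR [GROUP]
# Prints the path of the finished tar file.
stage_one() {
    src=$1 stage=$2 group=${3:-}
    out="$stage/$(basename "$src")-$(date +%Y%m%d).tar"
    (
        umask 077                   # nothing is readable while tar is still writing
        mkdir -p "$stage" || exit 1
        tar -cf "$out.tmp" -C "$(dirname "$src")" "$(basename "$src")" || exit 1
        if [ -n "$group" ]; then    # e.g. "backup": gives that account read access
            chgrp "$group" "$stage" "$out.tmp" || exit 1
        fi
        # Group may read, others get nothing; root's data never becomes world-readable.
        chmod 750 "$stage" && chmod 640 "$out.tmp" || exit 1
        mv "$out.tmp" "$out"        # rename last so stage two never copies a partial file
    ) || return 1
    printf '%s\n' "$out"
}

# Stage two: called from cron on the remote host. Logs in as the unprivileged
# "backup" user with a key; BatchMode=yes makes ssh fail rather than prompt
# for a password if the key is rejected.
# Usage: stage_two HOST STAGING_DIR MIRROR_DIR KEY_FILE
stage_two() {
    rsync -a --exclude='*.tmp' \
        -e "ssh -i '$4' -o BatchMode=yes" \
        "backup@$1:$2/" "$3/"
}
```

With this layout the only account reachable over ssh is "backup", which can read the staged tar files and nothing else that root owns, so `PermitRootLogin` does not have to be enabled for the backup to work.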


