On Fri, Jun 24, 2011 at 2:15 AM, Helmut Hullen <Hullen < at > t-online.de> wrote:
Hello, Nico,
You wrote on 23.06.11:
I'm looking at an environment of roughly 100 boxes, all to back up to
an rsnapshot server. I'm very familiar with rsnapshot, but can't
necessarily get the owners of the boxes to allow me to install an SSH
key with root access, even wrapping the key in a 'validate-rsync.sh'
setup to assure it is used only for rsync. I've also reviewed the
rssh and chroot tools in the past, and they're unsuitable for the
scattered servers.
I'd prefer 100 local rsnapshot installations which all push their
backups to an external server.
This external server needs no rsnapshot, it only needs ssh, cp and mv.
Pushing rsnapshot trees? *E-e-e-e-e-e-w-w-w-w-w*. That's a far more
expensive operation: you need to double your available disk on a lot
of clients, and do the rsync *twice*. It also doesn't solve the "do
secure rsync pushes" issue.
But in my installation (3 clients push their backups to 1 storage
machine) every client has root access to the storage machine, every
owner can see all backups on the storage machine. Is that ok in your
environment?
Not a chance. That leaves SSH and SSL keys and encrypted password
files accessible to all users on all servers. It's unspeakably
bad security practice, with the possible exception of a personally
owned and dedicated cluster where everyone has root SSH keys, anyway,
to all machines.
That's why I'm looking at rsync "write-only" setups.
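
For reference, a sketch of the kind of forced-command wrapper the message refers to as a 'validate-rsync.sh' setup. This is an added example, not part of the original thread and not the script the author uses; the install path, the sample commands and the function name `validate_rsync_cmd` are assumptions.

```shell
#!/bin/sh
# Added example (not the validate-rsync.sh from the thread).
# Installed on a backed-up box as a forced command in root's authorized_keys
# (path is hypothetical, key is elided):
#   command="/usr/local/sbin/validate-rsync.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...
# It limits the key to read-only rsync; it does NOT limit which paths root can read.

nl='
'

# Return 0 only for an rsync server-side *sender* request (the box sends files,
# the rsnapshot server pulls) that contains no shell metacharacters.
validate_rsync_cmd() {
    case "$1" in
        *'&'*|*';'*|*'|'*|*'<'*|*'>'*|*'`'*|*'$'*|*'('*|*')'*|*"$nl"*)
            return 1 ;;                      # command chaining / substitution
        *--remove-*)
            return 1 ;;                      # sender-side deletion options
        'rsync --server --sender '*)
            return 0 ;;                      # read-only pull
        *)
            return 1 ;;                      # anything else, incl. rsync writes
    esac
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND.
# Empty means an interactive login was requested: run nothing and exit.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if validate_rsync_cmd "$SSH_ORIGINAL_COMMAND"; then
        set -f                               # no glob expansion on the split words
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Because the command is word-split unquoted, source paths containing spaces will not survive this wrapper.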
_______________________________________________
rsnapshot-discuss mailing list
rsnapshot-discuss < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsnapshot-discuss
