Dan Mahoney, System Admin
2008-May-07 07:17 UTC
Forcing a transfer to be one-way from the daemon side?
Hello all,

I'm trying to set up a secure way to back up a system as root, with rsync (assume we don't want to kill the bandwidth and want a "snapshot" system for developers in a way that makes dump, tar, etc impractical).

We've got an ssh key relationship set up and we can force the command to be rsync --daemon.

The problem here is that while this is not only good for backups, it also means that anyone (which is still a trusted two people) can transfer a file IN as root, which moots the whole forced command thing and such.

Is there a simple filter syntax or command switch that says "let them transfer anything down, but not up?" I didn't find anything in the man pages, and the filters didn't seem to be for this kind of thing.

-Dan

--
<Zaren> Christ almighty... my EYES! They're melting!
-Zaren, Efnet #macintosh, in response to: www.geocities.com/CollegePark/Classroom/1944
The WEBSITE DESIGN class that gave my fiancee a D.

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
Paul Slootman
2008-May-07 10:42 UTC
Forcing a transfer to be one-way from the daemon side?
On Wed 07 May 2008, Dan Mahoney, System Admin wrote:
>
> Is there a simple filter syntax or command switch that says "let them
> transfer anything down, but not up?" I didn't find anything in the man
> pages, and the filters didn't seem to be for this kind of thing.

Set up an rsync daemon, and use "read only".

Paul Slootman
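The "read only" suggestion combined with the forced ssh command from the question, written out as configuration. This is an added example, not text from any message in the thread; the config path, module name, host name and key are placeholders.

```ini
# /etc/rsyncd-backup.conf  (hypothetical path, owned by root, mode 0600)
#
# Matching entry in ~root/.ssh/authorized_keys on the machine being backed
# up (one line; the key material is a placeholder):
#
#   command="rsync --server --daemon --config=/etc/rsyncd-backup.conf .",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER backup-puller
#
# The forced command replaces whatever the client asks sshd to run, so the
# key can only ever start this single-use rsync daemon with this config.
#
# Pulling from the backup host (daemon mode over ssh uses the :: syntax):
#
#   rsync -a -e ssh root@server.example.org::backup/etc/ /backups/server/etc/

[backup]
    # Module root: everything below this path can be downloaded.
    path = /
    # Refuse every upload into this module. This is also rsync's default
    # for daemon modules, but stating it keeps the intent explicit.
    read only = yes
    # Read as root so that every file can be backed up.
    uid = 0
    gid = 0
    # Do not advertise the module in module listings.
    list = no
```

With this in place, an attempt to push into the module (for example `rsync -e ssh file root@server.example.org::backup/tmp/`) is rejected by the daemon, while pulls continue to work.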
danm@prime.gushi.org wrote:
> I'm trying to set up a secure way to back up a system as root, with rsync
> (assume we don't want to kill the bandwidth and want a "snapshot" system
> for developers in a way that makes dump, tar, etc impractical).
>
> We've got an ssh key relationship set up and we can force the command to
> be rsync --daemon.

I set up a similar system, except that I used an ssh agent rather than a simple key relationship. I hope this diagram makes sense:

Server
 \  \
  \  \-> authorized_keys includes server_id_dsa.pub
   \
    \-> ssh-agent
         \  \
          \  \-> server_id_dsa attached
           \
            \--> ssh to client machine
                    /  \
                   /    \-> authorized_keys includes server_id_dsa.pub,
 rsync to server <-/         which only runs rsync script

This way, the client machine can only rsync back data when the ssh agent is present, because the server only allows in connections for its *own* key, not any key that is stored on the client filesystem.

If you want to make this somewhat more secure, set it up in such a way that the client machine cannot write to the rsync script -- in our case, the client machines access the rsync script from a read-only nfs partition.

--Kyle