As part of my sort out and tidy up of security, backups, etc. I've decided that it would be better to run my off-site backups as 'pull' backups driven from the remote systems. This way an intruder into my home system won't see any evidence of these backups happening and hence won't be tempted to do anything to them.
This requires (unless someone else has some bright ideas) that the remote system has a passwordless login to enable it to do the backup (or I put the password in the script, which comes to the same thing).
For this to be (reasonably) secure it needs to be set up so that the *only* thing you can do with that login is a backup. So, finally to my question, what's the tidiest/easiest way of doing this?
I can see two possible ways:-
A dedicated login with the program to be executed when you log in set to do the backup.
A 'ForceCommand' in ssh that executes the backup when certain criteria are met.
I think I prefer the second as it makes handling permissions etc. easier. E.g. I want to back up files belonging to user xxxx, if I can log in as user xxxx then I don't need to worry about the files all being readable by the backup. This requires careful setting up of the sshd_config file though so that remote logins to user xxxx run the backup but one can still log in to user xxxx locally.
Can anyone see any serious flaws in the above and/or easier ways of doing it that are still reasonably secure?
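One way the 'ForceCommand' option could look, as an added example that is not part of the original post: a wrapper that sshd runs for every ssh login as user xxxx, which compares the client's request against fixed strings and never executes it. The script path, the `backup`/`list` request names and the `BACKUP_SRC` directory are assumptions; console logins do not pass through sshd, so they are unaffected by the `Match` block shown in the comments.

```shell
#!/bin/sh
# pull-backup: forced-command wrapper (added example; path and names are assumed).
# Referenced from sshd_config on the home system, for example:
#   Match User xxxx
#       ForceCommand /usr/local/sbin/pull-backup
#       PermitTTY no
#       AllowTcpForwarding no
#       AllowAgentForwarding no
#       X11Forwarding no
# sshd places whatever the client asked to run in SSH_ORIGINAL_COMMAND; here it
# is only compared against fixed strings, never executed or expanded.

BACKUP_SRC="${BACKUP_SRC:-/home/xxxx}"   # assumed directory to back up

# Map the client's request to an action name; anything unexpected is "deny".
classify_request() {
    case "$1" in
        backup) echo backup ;;
        list)   echo list ;;
        *)      echo deny ;;
    esac
}

# Run the single action permitted for this request.
run_request() {
    case "$(classify_request "$1")" in
        backup) tar -C "$BACKUP_SRC" -cf - . ;;          # archive stream on stdout
        list)   (cd "$BACKUP_SRC" && find . -type f | sort) ;;
        *)      echo "pull-backup: request refused" >&2
                return 1 ;;
    esac
}

# Entry point: sshd sets SSH_CONNECTION for every session it starts.
# An empty request (an interactive login attempt) falls through to "deny".
if [ -n "${SSH_CONNECTION:-}" ]; then
    run_request "${SSH_ORIGINAL_COMMAND:-}"
fi
```

The remote system would then pull with something like `ssh xxxx@home backup > home-xxxx.tar`, where `home` is a placeholder host name.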