Hi folks,
2009/2/4 Chris G cl@isbd.net:
I back up our important data (e.g. /home and some other bits and pieces) to a couple of remote 'servers'.
If they provide a service, they are servers.
Having passwordless ssh access to the backup machine means that a malicious attacker who gets into the backup client machine can destroy all the backups as well as the files being backed up. While this is a fairly remote possibility (a malicious attacker getting in) I'd like to protect against it if I can.
Physical access to the machine or remote access to your machine?
So I'm looking for a backup/mirror/remote copy facility that will allow me to 'push' files from a client machine to the backup machine without needing passwordless access.
How will you authenticate? How will this system know to push/commit a new file that you tell it to, versus a bogus file *I* tell it to?
Isn't this going back to some previous email we had about trust (military terminology and "trusted computing")? Where, if you trust some machine, it's not secure at all.
"Secure / Easy to use --- pick one". Does this apply?
I don't really have any solutions for you. I suspect a reasonable mix of solutions might be to make sure your OS is patched and firewalled, and that you encrypt your data as it goes to your backup server.
By definition (IMHO), anything that makes your life easier is going to have worse security.
Srdjan