On Wed, 2009-02-04 at 12:04 +0000, Chris G wrote:
> Maybe I haven't described exactly what I meant. 'My' machine is called 'chris' and it has data that needs backing up, I back it up to a machine called 'backup'. Say an intruder gets access to 'chris' (it's about the only machine on the LAN where a break-in is directly possible), they can directly delete my data but I'm trying to make it so they *can't* get easy access to 'backup' and delete data there.
> Using rdiff-backup (for example) to back up means that there is passwordless ssh access to 'backup' and so the intruder can simply go and delete files on 'backup' as well.
OK, so what if "backup" had read-only access to "Chris" and pulled the files (via rsync or whatever), and Chris had no passwordless access to backup? Then if "Chris" is compromised, "Backup" would be safe*. If Backup was compromised then the files on Chris would be safe* as well.
* Where "safe" is safe from deletion, not interception. If you want safe from interception then you need to wrap rsync in ssh, encrypt the backup volume and the volume with your data on "chris" before you are even close.
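
One way to enforce the read-only pull suggested above, as an added example that is not part of the original message: a forced-command filter on 'chris' that lets the key held by 'backup' run rsync only in sender (read) mode under one directory. The script path, the data directory and the key placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Install on 'chris' as the forced
# command for the key that 'backup' logs in with (~/.ssh/authorized_keys):
#   command="/usr/local/bin/pull-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <backup's public key>
# The script path and ALLOWED_ROOT are assumptions; adjust to your layout.
LC_ALL=C; export LC_ALL
set -f                              # never glob-expand words of the request
ALLOWED_ROOT=/home/chris/data       # assumed location of the data to back up

# Succeeds only for "rsync --server --sender <short opts> . <paths under root>",
# the form a plain `rsync -a` pull sends (the short-option string varies by
# rsync version). The allowlist is deliberately narrow.
is_readonly_pull() {
    cmd=$1 root=$2
    case $cmd in
        "rsync --server --sender "*) ;;     # sender mode: chris only reads
        *) return 1 ;;                      # receiver mode or another program
    esac
    found=1                                 # becomes 0 once a path is accepted
    for w in $cmd; do
        case $w in
            *[!A-Za-z0-9./_,=-]*|*..*) return 1 ;;   # metacharacters, traversal
            rsync|--server|--sender|.) ;;
            --*) return 1 ;;                # e.g. --remove-source-files
            -*) ;;                          # short-option bundle
            "$root"|"$root"/*) found=0 ;;
            *) return 1 ;;                  # path outside the allowed tree
        esac
    done
    return $found
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND. With no
# command (an interactive login attempt) the script just ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_readonly_pull "$SSH_ORIGINAL_COMMAND" "$ALLOWED_ROOT"; then
        exec $SSH_ORIGINAL_COMMAND          # unquoted on purpose: validated above
    fi
    echo "pull-only: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

On 'backup', the pull is then an ordinary `rsync -a -e ssh chris:/home/chris/data/ <local backup directory>` run from cron with that key, and 'chris' holds no key for 'backup' at all.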