On 04 Feb 12:33, Chris G wrote:
On Wed, Feb 04, 2009 at 11:38:40AM +0000, Stuart Bailey wrote:
If you have shell access on your remote system, you could create a DSA or RSA key pair. Set the ssh config to access key based authentication, then you don't need to enter a password. Just keep your private key safe.
That doesn't help. To allow unattended backup to work the ssh keys have to have no key so an intruder on the client machine will have passwordless access to the remote machine.
Otherwise, there are some commercial offerings:
KeVault by KeConnect. This uses a Java app to backup your data (encrypted) onto their servers, which are diversely located. It runs automatically using their provided scheduler.
www.keconnect.co.uk/kevault
I still don't think it addresses the problem, unless it's an incremental backup. If someone breaks into 'my' machine (the machine being backed up) then they can send rubbish data to overwrite the good backups can't they? This is the specific possibility I'm trying to protect myself against a bit.
I'm *sure* that we went through this several months ago... care to go back through the archive and find the bit that says...
"Use a passphrase less key, and only grant it permissions to run the backups"
It's not bloody rocket science.