i am trying to come up with a backup/restore plan. backupmachine will pull data from workmachine. thinking of using rsnapshot to do it.
what's the danger of configuring ssh on workmachine to allow root access without a passphrase and limiting the command using 'command=' in authorized_keys? if someone roots backupmachine, they are limited to workmachine by what i specified in 'command='
this is similar to what i am planning, but he prefers a backupuser on workmachine.
http://troy.jdmz.net/rsnapshot/
for my command in 'command=', i was going to use a script like the one below and list the commands i want allowed.
Code:
#!/bin/sh
case "$SSH_ORIGINAL_COMMAND" in
1)
/bin/date
;;
2)
/usr/bin/who
;;
3)
/usr/bin/w
;;
esac
exit 0
file permissions would be set to only allow root access to the script.