Lists wrote:
> On 09/23/2013 01:50 PM, Les Mikesell wrote:
>> Is there something that convinces you that sudo is better at handling
>> the command restriction than sshd would be?
>
> In the context of a production server, the idea is to remove any ability
> from another host (EG: backup server) to run local arbitrary code or
> change local files. (read-only)
<snip>
> You can disable the password on the backup account to achieve a similar
> effect using an SSHD option. If there's a better/simpler way to do this
> via SSHD option I'd love to hear about it!
>
Sure. You disable password authentication, and allow keys only, in
/etc/ssh/sshd_config.
mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Re: Howto: Extremely tight security rsync shell for backups
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: "CentOS mailing list" <centos@xxxxxxxxxx>
- Subject: Re: Howto: Extremely tight security rsync shell for backups
- From: m.roth@xxxxxxxxx
- Date: Mon, 23 Sep 2013 17:44:54 -0400
- Delivered-to: centos@xxxxxxxxxx
- Importance: Normal
- In-reply-to: <5240B560.6080105@benjamindsmith.com>
- User-agent: SquirrelMail/1.4.22
- Follow-Ups:
- References:
- Howto: Extremely tight security rsync shell for backups
- From: Lists
- Re: Howto: Extremely tight security rsync shell for backups
- From: m . roth
- Re: Howto: Extremely tight security rsync shell for backups
- From: Lists
- Re: Howto: Extremely tight security rsync shell for backups
- From: Les Mikesell
- Re: Howto: Extremely tight security rsync shell for backups
- From: Lists
- Howto: Extremely tight security rsync shell for backups
- Prev by Date: Re: Howto: Extremely tight security rsync shell for backups
- Next by Date: Re: Howto: Extremely tight security rsync shell for backups
- Previous by thread: Re: Howto: Extremely tight security rsync shell for backups
- Next by thread: Re: Howto: Extremely tight security rsync shell for backups
- Index(es):
 |