secure remote backups

mike wolman
Wed, 21 Nov 2001 14:41:15 +0000 (GMT)

Hi Ben,

I have tried your suggestion however when i try to
ssh and su i get the following problem from
su: standard in must be a tty

I have had a hunt for anybody else trying to run su
from ssh but have not found a solution.

Thanks again for your suggestion,


On Mon, 19 Nov 2001, Ben Escoto wrote:

> >>>>> "MW" == mike wolman <>
> >>>>> wrote the following on Tue, 20 Nov 2001 00:23:16 +0000 (GMT)
>   MW> Hi, Is it possible to use rdiff to first log in to a machine as
>   MW> a normal user then su before performing the backup thus
>   MW> preventing root from sshing into the remote machine directly?
> Yes, kind of, but this won't eliminate the security risks, so the
> primary purpose would probably be to run it on a machine not allowing
> root ssh connections.
>     rdiff-backup usually opens a connection to a remote host by
> executing "ssh user@host rdiff-backup --server", but you can control
> this using the --remote-schema option.  Instead of running
> rdiff-backup directory on the remote side, you could instead run a
> script that was either suid, or ran su itself, and then ran
> rdiff-backup.
>     For instance:
> rdiff-backup --remote-schema "ssh %s su root -c 'rdiff-backup
> --server'" foo
> Will log into as user, but then ssh will immediately use
> su to run 'rdiff-backup --server' as root.  (Assuming I didn't mess up
> the quoting.)
>     The problem for security is that however you log into the remote
> machine, the rdiff-backup server is running as root (assuming you want
> to preserve file ownership), so a malicious user on the local machine
> could tell the server to do bad things.
> --
> Ben Escoto