Passwordless Login - security concerns?

Hello,

I’m running a server in my home-office and I would like it to poll home backups to it from an external server running Iworx (nightly) via sftp and then delete them after the job is done.

I have been looking on the web for a solution for this and found the Dreamhost wiki and this article about Passwordless Login.

Can I use the above with the root-account and access backup-files that are owned by root (“backup all domains”) with any major security concerns?

Thanks.

EDIT: Formulated myself better.

You could do it but I really wouldn’t do it with root. Too many issues. You could set things up to move/copy the full backups to a separate location where a dedicated account can get at them.

Thanks for your feedback. What I want to do is to limit the remote locations where the userdata is stored.

If I run a backup-all process, the owner to the backup-files would be root, right?

I have set up a passwordless login for another login and it works well. Though this is a regular account with no administration privileges. So that part works alright.

What are the major security concerns for using a passwordless login for root from a, in my case, office server polling files home with a cronjob?

Would it be possible for anyone along the chain to listen in on the keyphrase or something similar?

I found this link while googling, where they basically seem to say that it is both “dangerous” and not…

EDIT: An alternative solution could be to create an automated process that deletes files in a particular directory that are over, let’s say, 7 days old. This would eliminate the need for a passwordless login. Though I am not certain what a script like this would look like. Any ideas/examples?

Would it work to have a cronjob running this on a daily basis in order to delete files older than 7 days?

“rm -f $(find /home/myaccount/backups/. -mtime 7)”
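A safer form of the 7-day prune job asked about above, added here as an example and not code from anyone in the thread; it assumes a dedicated non-root backup account owns the archive directory, that the archives are regular files directly inside it, and a find that supports -maxdepth and -delete (GNU and BSD both do):

```shell
#!/bin/sh
# Added example (not from this thread): a cron-driven prune of backup archives
# older than N days, run as the dedicated backup user, not root.
# Assumes: archives are regular files directly inside the given directory, and
# a find that supports -maxdepth and -delete (GNU and BSD both do).
set -eu

# prune_old_backups DIR DAYS
# Deletes regular files in DIR whose mtime is more than DAYS days ago.
# Pitfalls of  rm -f $(find DIR -mtime 7)  that this avoids:
#   - "-mtime 7" matches files aged exactly 7 days; "-mtime +7" means older.
#   - $(find ...) word-splits on spaces in names; -delete acts per file.
#   - -maxdepth 1 -type f keeps the job from descending into or removing
#     anything but top-level archive files.
prune_old_backups() {
    dir=$1
    days=$2
    # Guard against an empty or root path from a broken cron environment.
    case $dir in
        ''|/) echo "refusing to prune '$dir'" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    find "$dir" -maxdepth 1 -type f -mtime +"$days" -print -delete
}

# Constructed demo data: one fresh archive and one dated 2020-01-01.
make_demo_dir() {
    d=$(mktemp -d)
    touch "$d/fresh backup.tar.gz"
    touch -t 202001010000 "$d/old backup.tar.gz"
    printf '%s\n' "$d"
}

# Run with PRUNE_DEMO=1 to watch it act on the constructed directory.
# In production, a crontab entry for the backup user would look like this
# (hypothetical path):
#   0 3 * * * /home/backupuser/bin/prune_backups.sh
if [ "${PRUNE_DEMO:-}" = 1 ]; then
    demo=$(make_demo_dir)
    prune_old_backups "$demo" 7
    ls -l "$demo"
    rm -rf "$demo"
fi
```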

I don’t know who the owner of the backup files would be. Secure isn’t a boolean, it’s not possible to be 100% secure. Typically the risk of having a remote machine pop in to another and download backed up files isn’t as risky as not having the off-site backups. If you don’t use root and limit what the copying user is doing, it’s really no big deal.

Using a normal user or worse, root, is risky because if the machine doing the copying is compromised not only do you lose your backup’s integrity, but you lose the server as well. That’s why people say don’t do it.

I’d have to check into whether these backups are owned by root or iworx or the system user whom the backup file is made from. BUT . . .

I’ll just chime in here and suggest that your backup script could have a

chown -R user.group /backup_dir/*

at the end to change ownership of the files to a special user created specifically for retrieving these files.

As has already been said, having root log in and copy the files would NOT be a good idea.

Hi CMI,

Of course it isn’t black/white, though I’m talking about any major concerns of having a passwordless login for a root/su.

Typically the risk of having a remote machine pop in to another and download backed up files isn’t as risky as not having the off-site backups.

You are right indeed, and I appreciate your input on these issues.

I have now set up an automated solution where I move backups on a daily basis to a remote location over ftp and then a cronjob takes care of keeping files only as old as 7 days in the remote archive. Seems to be working quite well.