[CentOS] Howto: Extremely tight security rsync shell for backups

m.roth at 5-cent.us
Mon Sep 23 21:44:54 UTC 2013


Lists wrote:
> On 09/23/2013 01:50 PM, Les Mikesell wrote:
>> Is there something that convinces you that sudo is better at handling
>> the command restriction than sshd would be?
>
> In the context of a production server, the idea is to remove any ability
> from another host (e.g. backup server) to run local arbitrary code or
> change local files. (read-only)
<snip>
> You can disable the password on the backup account to achieve a similar
> effect using an SSHD option. If there's a better/simpler way to do this
> via SSHD option I'd love to hear about it!
>
Sure. You disable password authentication, and allow keys only, in
/etc/ssh/sshd_config.

        mark
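
The setting discussed in the reply above can be checked against what sshd actually applies. The following is an added example, not part of the original post: it audits the `keyword value` lines that `sshd -T` prints and also flags keyboard-interactive authentication, which can still prompt for a password through PAM when only `PasswordAuthentication no` is set. The sample inputs are constructed, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: audit effective sshd settings (the "keyword value" lines
# printed by `sshd -T`) for key-only authentication.

# Constructed samples of `sshd -T` output, not taken from a real host.
SAMPLE_WEAK='port 22
passwordauthentication no
challengeresponseauthentication yes
usepam yes
pubkeyauthentication yes
permitemptypasswords no'

SAMPLE_OK='port 22
passwordauthentication no
challengeresponseauthentication no
usepam yes
pubkeyauthentication yes
permitemptypasswords no'

# keys_only_check (hypothetical name): reads effective config on stdin,
# prints one line per finding, returns 0 only if keys are the sole way in.
keys_only_check() {
    awk '
        # opt=1 marks keywords that exist only in some OpenSSH versions.
        function must(k, want, opt) {
            if (!(k in val)) {
                if (!opt) { printf "FAIL %s is missing\n", k; bad = 1 }
                return
            }
            if (val[k] != want) {
                printf "FAIL %s is %s, want %s\n", k, val[k], want
                bad = 1
            }
        }
        { val[tolower($1)] = tolower($2) }
        END {
            must("passwordauthentication", "no")
            must("permitemptypasswords", "no")
            must("pubkeyauthentication", "yes")
            # Keyboard-interactive can still ask for a password via PAM.
            must("challengeresponseauthentication", "no", 1)
            must("kbdinteractiveauthentication", "no", 1)
            exit bad + 0
        }'
}
```

On a real host, feed it the effective configuration as root, for example `sshd -T -C user=backup,host=client.example,addr=192.0.2.10 | keys_only_check`, where the account name, host and address are placeholders; the `-C` form also shows what a `Match` block applies to that account.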



