How can I use Dirvish without enabling root logins in sshd?

For anyone looking, here's the solution I went with.

Key points:

  1. Dirvish doesn't support running rsync via sudo (Why, I do not know)

  2. In AUTHORIZED_KEYS you can restrict the conditions under which a key is authorized, including specifying a single permitted command, and a single source IP address.

In sshd_config you can specify that ssh root login is only permitted when the -command flag is specified and the command matches the one in AUTHORIZED_KEYS:

    PermitRootLogin forced-commands-only

A full procedure is here: http://apt-get.dk/howto/backup/
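
An added example, not part of the original post or the linked procedure: a forced-command wrapper for the setup described above that only lets the backup key run rsync as a server-side sender. The wrapper path, the `192.0.2.10` backup-server address, the key placeholder and the assumption that the backup server's pull arrives as `rsync --server --sender ...` are illustrative, not taken from the page.

```shell
#!/bin/sh
# Hypothetical wrapper, installed e.g. as /usr/local/bin/rsync-backup-only.
#
# /root/.ssh/authorized_keys on the client (one line, placeholder key):
#   from="192.0.2.10",command="/usr/local/bin/rsync-backup-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> dirvish
# /etc/ssh/sshd_config on the client:
#   PermitRootLogin forced-commands-only
#
# sshd runs this script instead of whatever the client asked for and passes
# the requested command in SSH_ORIGINAL_COMMAND.

# Return 0 only for an rsync server-side "sender" (read-only pull) request.
allowed_backup_command() {
    case "$1" in
        # Defense in depth: refuse anything carrying shell metacharacters.
        *';'*|*'&'*|*'|'*|*'<'*|*'>'*|*'`'*|*'$'*|*'('*|*')'*|*'\'*|*"'"*|*'"'*)
            return 1 ;;
        # A backup pull must not delete the files it reads.
        *' --remove-'*)
            return 1 ;;
        # Assumed form of the request made by the backup server's rsync.
        'rsync --server --sender '*)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allowed_backup_command "$SSH_ORIGINAL_COMMAND"; then
        set -f                       # no glob expansion while splitting
        # Unquoted on purpose: split on whitespace, never re-parsed by a shell.
        exec $SSH_ORIGINAL_COMMAND
    fi
    # Record the refused request so it shows up in syslog for review.
    logger -t rsync-backup-only "denied: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
# No command requested (interactive login attempt): fall through and exit
# without ever starting a shell.
```

Denied requests are tagged `rsync-backup-only` in syslog, which gives a simple signal to alert on if the backup key is ever used for anything other than a pull.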


You are on the right track with not allowing root logins via SSH. However, your prerequisite about sudo is unreasonable.

However, sudo allows very fine-grained control over exactly what can and cannot be executed by a given user. You can allow the dirvish user to ONLY execute exactly one binary without a password.

Combine this with key-based authentication for that user, and you have yourself a backup solution.