Question on ssh authorization for rsync daemon server and rsync ssh shell
by framp from LinuxQuestions.org on (#5SEQY)
Let me give you some background on why I created this thread:
I wrote and maintain a Raspberry backup tool called raspiBackup which is available on GitHub under GPL and used by a lot of people. As of now all backups are controlled from the local system and use mounted partitions to write the backups.
From time to time users ask for rsync daemon support of raspiBackup. rsync supports ssh shell and daemon copy of data, which has some benefits compared to mounted remote NFS or SMB partitions: speed and ACL support.
I now want to add rsync daemon support and I'm just evaluating how I can use the rsync ssh shell and daemon. If the rsync daemon is used it's easy: The user has to define the rsync daemon credentials which have to have full access to the file system exposed by the server.
I'm struggling with remote shell calls. I managed to transfer files back and forth but I'm concerned whether the authorizations which have to be configured are OK from a security point of view:
raspiBackup requires full (root) access to the remote system in order to shuffle around backup files. Therefore a user who has to call raspiBackup via sudo or as root to store the backup on a remote server via ssh has to add the public root ssh keys to the authorized_keys file. This works fine but I frankly don't like to have this powerful grant for root on the system running the backup on the backup server. Actually this authorization also has to exist when the rsync daemon is used because otherwise no cleanup and reshuffling of backups will be possible on the remote system.
It would be great to get your feedback on this approach or any hints on how to circumvent this root ssh authorization requirement.
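An added example, not part of the original post or of raspiBackup: a small Python check that reports which entries in an `authorized_keys` file lack the standard OpenSSH key options (`command=`, `restrict`, `from=`) that narrow what a key may do. The key blobs, host names and the wrapper path in the sample are constructed.

```python
import re

# Key type names that may start the key field of an authorized_keys line.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)"
                      r"|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$")
CHECKS = (("command", "no forced command"),
          ("restrict", "restrict not set"),
          ("from", "no from= source limit"))

def split_unquoted(text, seps):
    """Split text on any character in seps that is outside double quotes."""
    parts, cur, quoted, i = [], "", False, 0
    while i < len(text):
        ch = text[i]
        if quoted and text[i:i + 2] == '\\"':   # escaped quote inside a value
            cur, i = cur + '\\"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    return [p for p in parts + [cur] if p]

def audit(authorized_keys_text):
    """Return [(key comment, [findings])] for every key line in the file."""
    report = []
    for line in authorized_keys_text.splitlines():
        fields = split_unquoted(line.strip(), " \t")
        if not fields or fields[0].startswith("#"):
            continue
        opts = ""
        if not KEY_TYPE.match(fields[0]):       # first field is the options list
            opts, fields = fields[0], fields[1:]
        names = {o.split("=", 1)[0].lower() for o in split_unquoted(opts, ",")}
        comment = fields[2] if len(fields) > 2 else ""
        report.append((comment, [m for opt, m in CHECKS if opt not in names]))
    return report

# Constructed sample: key blobs, host names and the wrapper path are made up.
SAMPLE = """# authorized_keys of root on the backup server
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyA root@pi1
command="/usr/local/bin/backup-wrapper --push",restrict,from="192.0.2.10" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyB root@pi2
"""
for comment, findings in audit(SAMPLE):
    print(comment, "->", findings or "restricted")
```
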