lhark/howto
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Some tips on doing secure backups via ssh

Browse source
This commit is contained in:
lhark 2021-04-08 23:41:14 +02:00
parent 1e4745e76f
commit 341e713f8a
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
how_to
View file

@ -856,6 +856,18 @@ ssh:
ssh-keygen -t ed25519 -a 100 ssh-keygen -t ed25519 -a 100
Good ol' RSA, with 4096 bits for good measure Good ol' RSA, with 4096 bits for good measure
ssh-keygen -t rsa -b 4096 -o -a 100 ssh-keygen -t rsa -b 4096 -o -a 100
Restricted access for backups:
Create system user with no password, give it a HOME and a group (or use a backup group)
Prepend key in .ssh/authorized_keys with
command="scp -f /path/to/<file|wildcard>",no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding ssh-rsa AAAAB[...]
Setup rssh
pacman -S rssh
# Access bits order: rsync, rdist, cvs, sftp, scp, svnserve
echo "user=<backup user>:<umask>:000010:" >> /etc/rssh.conf
sudo chsh -s /usr/bin/rssh <backup user>
Fix key auth:
chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
Run MSVC on linux with Wine: Run MSVC on linux with Wine:
As seen on the internet, not tested: As seen on the internet, not tested: