1 |
On Mon, 1 Jul 2013 06:31:38 -0700, Grant wrote: |
2 |
|
3 |
> > There is no sacrifice, you are running rsync as root on the client |
4 |
> > either way. Alternatively, you could run rsyncd on the client, which |
5 |
> > avoids the need for the server to be able to run an SSH session. |
6 |
> |
7 |
> I think the sacrifice is that with the backuppc method, if someone |
8 |
> breaks into the backup server they will have read(/write) access to |
9 |
> the clients. The method I'm describing requires more management if |
10 |
> you have a lot of machines, but it doesn't have the aforementioned |
11 |
> vulnerability. |
12 |
> |
13 |
> The rsyncd option is interesting. If you don't want to restore |
14 |
> directly onto the client, there are no SSH keys involved at all? |
15 |
|
16 |
Not even then, the server talks to the client in the same way for |
17 |
restores as it does for backups, so it would still use rsyncd if you |
18 |
wanted it to. |
19 |
|
20 |
> >> Obviously the backup server has to be able to make outbound |
21 |
> >> connections in order to pull so I think you're saying it could drop |
22 |
> >> inbound connections, but then how could you talk to it? Do you mean |
23 |
> >> a local backup server? |
24 |
> > |
25 |
> > Yes, you talk to the server over the LAN, or a VPN. There need be no |
26 |
> > way of connecting to it from outside of your LAN. |
27 |
> |
28 |
> To me it seems presumptuous to be sure a particular machine will never |
29 |
> be infiltrated to the degree that you're OK with such an infiltration |
30 |
> giving read(/write) access on every client to the infiltrator. |
31 |
|
32 |
I don't think it too unreasonable to assume that a machine with no ports |
33 |
exposed to the Internet will not be compromised from the Internet. |
34 |
Whereas a push approach requires that the server have open ports. |
35 |
|
36 |
|
37 |
-- |
38 |
Neil Bothwick |
39 |
|
40 |
Just when you got it all figured out: An UPGRADE! |