| 1 |
On Mon, 1 Jul 2013 06:31:38 -0700, Grant wrote: |
| 2 |
|
| 3 |
> > There is no sacrifice, you are running rsync as root on the client |
| 4 |
> > either way. Alternatively, you could run rsyncd on the client, which |
| 5 |
> > avoids the need for the server to be able to run an SSH session. |
| 6 |
> |
| 7 |
> I think the sacrifice is that with the backuppc method, if someone |
| 8 |
> breaks into the backup server they will have read(/write) access to |
| 9 |
> the clients. The method I'm describing requires more management if |
| 10 |
> you have a lot of machines, but it doesn't have the aforementioned |
| 11 |
> vulnerability. |
| 12 |
> |
| 13 |
> The rsyncd option is interesting. If you don't want to restore |
| 14 |
> directly onto the client, there are no SSH keys involved at all? |
| 15 |
|
| 16 |
Not even then, the server talks to the client in the same way for |
| 17 |
restores as it does for backups, so it would still use rsyncd if you |
| 18 |
wanted it to. |
| 19 |
|
| 20 |
> >> Obviously the backup server has to be able to make outbound |
| 21 |
> >> connections in order to pull so I think you're saying it could drop |
| 22 |
> >> inbound connections, but then how could you talk to it? Do you mean |
| 23 |
> >> a local backup server? |
| 24 |
> > |
| 25 |
> > Yes, you talk to the server over the LAN, or a VPN. There need be no |
| 26 |
> > way of connecting to it from outside of your LAN. |
| 27 |
> |
| 28 |
> To me it seems presumptuous to be sure a particular machine will never |
| 29 |
> be infiltrated to the degree that you're OK with such an infiltration |
| 30 |
> giving read(/write) access on every client to the infiltrator. |
| 31 |
|
| 32 |
I don't think it too unreasonable to assume that a machine with no ports |
| 33 |
exposed to the Internet will not be compromised from the Internet. |
| 34 |
Whereas a push approach requires that the server have open ports. |
| 35 |
|
| 36 |
|
| 37 |
-- |
| 38 |
Neil Bothwick |
| 39 |
|
| 40 |
Just when you got it all figured out: An UPGRADE! |
Archives