by Snortibartfast 3411 days ago
I have two USB-connected hard-drives which are switched every week and one is moved to another location.

The drives are encrypted with LUKS/dm-crypt. The encryption key is a file of random data stored in the /root dir, so the disk encryption is not safe from local attacks. The key is also stored off-site (not in the same location as the off-site disk, of course).

A cron-script runs rsnapshot daily, which collects data from the local host and from remote hosts.

Remote host backup goes via ssh, using a passwordless ssh key, with a forced command in authorized_keys which is only allowed to run rsync. The script below must be modified so the rsync command matches the actual command which rsnapshot executes. Also note that the path names can only contain [/a-zA-Z0-9]. It's a bit restrictive, I know, but I tried to lock it down as much as possible. Just edit the regex if needed.

/root/.ssh/authorized_keys:

  from="1.2.3.4",command="/root/bin/rsnapshot_wrapper.sh" ssh-rsa AAAA...

/root/bin/rsnapshot_wrapper.sh:

  #!/bin/sh
  # Forced command for the backup key: run rsnapshot's rsync server invocation and nothing else.
  LOG="$HOME/rsnapshot_wrapper.log"
  LC_ALL=C; export LC_ALL   # byte-wise [a-z] ranges regardless of the login locale
  # Edit this to match the exact rsync command your rsnapshot version sends.
  ALLOWED='^rsync --server --sender -v*logDtprRxe\.iLsfx --numeric-ids \. [/a-zA-Z0-9]+$'
  # grep judges line by line, so a multi-line request could carry extra arguments past
  # the anchored regex: require exactly one line, and that line must match.
  if [ "$(printf '%s\n' "$SSH_ORIGINAL_COMMAND" | grep -c '')" -eq 1 ] &&
     printf '%s\n' "$SSH_ORIGINAL_COMMAND" | grep -Eq "$ALLOWED"; then
    $SSH_ORIGINAL_COMMAND   # unquoted word-splitting is safe: the regex admits no shell metacharacters
  else
    printf 'Invalid command: %s\n' "$SSH_ORIGINAL_COMMAND" >>"$LOG"
  fi
  exit 0
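As an added example (not part of the original post), the same allow-list policy exercised offline against a handful of constructed requests, so you can see what the anchored regex accepts and what it rejects before putting the wrapper in front of a real key. The `allowed_rsnapshot_cmd` function and the sample commands are mine; the one-line check is an addition, because `grep -E` matches line by line and would otherwise let a second line ride along as extra rsync arguments.

```shell
#!/bin/sh
# Offline test of the forced-command allow list (added example, not the post's wrapper).
# allowed_rsnapshot_cmd returns 0 when CMD is exactly the rsync --server invocation
# the wrapper should run, 1 otherwise. Same regex as the wrapper; LC_ALL=C keeps
# [a-z] a byte range whatever the login locale is.
allowed_rsnapshot_cmd() {
  cmd=$1
  # grep judges line by line, so insist on exactly one line before matching it.
  [ "$(printf '%s\n' "$cmd" | grep -c '')" -eq 1 ] || return 1
  printf '%s\n' "$cmd" | LC_ALL=C grep -Eq \
    '^rsync --server --sender -v*logDtprRxe\.iLsfx --numeric-ids \. [/a-zA-Z0-9]+$'
}

# Constructed sample requests (hypothetical, not captured from a real session).
GOOD='rsync --server --sender -vlogDtprRxe.iLsfx --numeric-ids . /home'
GOOD_NO_V='rsync --server --sender -logDtprRxe.iLsfx --numeric-ids . /var/lib/data'
BAD_SHELL='rsync --server --sender -vlogDtprRxe.iLsfx --numeric-ids . /home; id'
BAD_DOTDOT='rsync --server --sender -vlogDtprRxe.iLsfx --numeric-ids . /home/../etc'
BAD_OPT='rsync --server --sender -vlogDtprRxe.iLsfx --numeric-ids --rsync-path=id . /home'
BAD_PUSH='rsync --server -vlogDtprRxe.iLsfx --numeric-ids . /home'   # no --sender: client would write to us
NL=$(printf '\nx'); NL=${NL%x}
BAD_MULTILINE="${GOOD}${NL}--files-from=/etc/shadow"

verdict() {
  if allowed_rsnapshot_cmd "$1"; then echo "ALLOW  $1"; else echo "DENY   $1"; fi
}
for c in "$GOOD" "$GOOD_NO_V" "$BAD_SHELL" "$BAD_DOTDOT" "$BAD_OPT" "$BAD_PUSH" "$BAD_MULTILINE"; do
  verdict "$c"
done
```

Two things the regex alone does not buy you: `--sender` is what keeps the key read-only (without it the remote side would be pushing files onto the backup host), and a `command=` option by itself does not stop the key from being used for TCP or agent forwarding, so the authorized_keys entry should also carry `restrict` (OpenSSH 7.2 and later) or the individual `no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding` options.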