From owner-freebsd-security  Wed Nov 28 22: 2:51 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pintail.mail.pas.earthlink.net (pintail.mail.pas.earthlink.net [207.217.120.122])
	by hub.freebsd.org (Postfix) with ESMTP id 6636237B419
	for <security@freebsd.org>; Wed, 28 Nov 2001 22:02:47 -0800 (PST)
Received: from dialup-209.247.138.241.dial1.sanjose1.level3.net ([209.247.138.241] helo=blossom.cjclark.org)
	by pintail.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 169KHQ-0004kX-00; Wed, 28 Nov 2001 22:02:41 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fAT5cK106169;
	Wed, 28 Nov 2001 21:38:20 -0800 (PST)
	(envelope-from cjc)
Date: Wed, 28 Nov 2001 21:38:20 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Eric Anderson <anderson@centtech.com>
Cc: Rasputin <rasputin@submonkey.net>,
	"Stephen T. Shipley" <steve@e-shipley.com>, security@FreeBSD.ORG
Subject: Re: crypted remote backup
Message-ID: <20011128213820.I3985@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <E168Qts-000Bj5-00@rip.psg.com> <200111270147.fAR1lDk16602@e-shipley.com> <20011128101048.A25860@shikima.mine.nu> <3C04EEF9.D10C1B41@centtech.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3C04EEF9.D10C1B41@centtech.com>; from anderson@centtech.com on Wed, Nov 28, 2001 at 08:04:41AM -0600
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Nov 28, 2001 at 08:04:41AM -0600, Eric Anderson wrote:
> What I have been doing is croning a script (as root) that
> tarballs the right stuff, and then scp the file as another
> user ("backup" in my case) to another box.  This way I'm not
> logging in as root to copy a file over the net, and I don't
> have to have sshd set up to allow root logins at all.

There is no reason that root on the local machine (the one with the
tarball) can't log into the remote box as another user.

  #!/bin/sh

  tar czf backup.tgz your_backup_files ..

  scp backup.tgz backup@remote-machine:backup.tgz

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message