Nelson's log

secure remote backups with rsnapshot

I’m trying to back up my machine in a datacenter to my home server, using rsnapshot. The home machine is behind a firewall and pretty secure but I don’t want to be stupid about it. The remote machine should be secure, but is not firewalled. (OTOH both run ssh and http, so the attack surface is about the same.) I found two useful guides for doing remote backups securely: one, two.

My final config is a pastiche of the two. Here’s the concept behind what I did. Backups run as root on the backup server and as a special-purpose user on the client being backed up (who can sudo to root to run rsync).

I feel pretty good about the security; the user would have to steal my private key from the backup server to access the client, and even then they’re restricted to running rsync. However that rsync is run as root and I’m sure they could pretty easily escalate by, say, overwriting /etc/sudoers.

It’d be more secure to run backups on the remote client as some user other than root. But I want to back up files only root can read, so I’m kind of stuck.
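One way to enforce the "only rsync" restriction described above while also narrowing a stolen key to reading files rather than overwriting them. This is an added example, not the configuration from the original post or its two guides. It assumes rsnapshot pulls with `--rsync-path="sudo rsync"`, and the user name `backupuser`, the script path and the `enforce` argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical names: backupuser,
# /usr/local/bin/validate-rsync. Assumes the backup server pulls with
# --rsync-path="sudo rsync", so sshd sees "sudo rsync --server --sender ...".
#
# ~backupuser/.ssh/authorized_keys on the client (one line):
#   command="/usr/local/bin/validate-rsync enforce",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER>
# /etc/sudoers.d/backupuser on the client:
#   backupuser ALL=(root) NOPASSWD: /usr/bin/rsync

# Return 0 only for a pull ("sender") invocation with no shell metacharacters.
check_backup_command() {
    case $1 in
        *'&'*|*';'*|*'|'*|*'<'*|*'>'*|*'`'*|*'$'*|*'('*|*')'*)
            return 1 ;;   # never let the key smuggle in shell syntax
        *--remove-*|*--log-file*)
            return 1 ;;   # sender-side options that delete or write on the client
        'sudo rsync --server --sender '*)
            return 0 ;;   # remote rsync reads and sends files
        *)
            return 1 ;;   # receiver mode (writes), other programs, empty command
    esac
}

# Runs only when invoked as the forced command (the "enforce" argument).
if [ "${1:-}" = "enforce" ]; then
    if check_backup_command "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f                       # no glob expansion during word splitting
        exec $SSH_ORIGINAL_COMMAND   # split into words; no eval, no shell
    fi
    logger -t validate-rsync "rejected: ${SSH_ORIGINAL_COMMAND:-<none>}"
    exit 1
fi
```

A stolen key can still read every file root can read, so this narrows the damage rather than removing it; the rejected attempts land in syslog under the `validate-rsync` tag.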