On 2014-11-21, 10:55 GMT, Roberto Ragusa wrote:
For rsync-as-root use cases my usual approach is to create another account with userid=0 and login with ssh on this account.
Proper way is actually to use command parameter in authorized_keys on server and for example https://ftp.samba.org/pub/unpacked/rsync/support/rrsync (or /usr/share/doc/rsync-*/support/rrsync)
The only thing attacker gets after cracking to the server is rsync prompt.
Best,
Matěj