I am building a new ZFS cluster: a live system and backup system.
If I set up ssh keys, then a potential hacker can delete snapshots from my backup system as well if they gain root access on the live system.
I'm thinking of two possible approaches to ensure my backups can't be touched:
1. bkp server holds keys to live server and does something like:
ssh root@live 'zfs send -i zfs/testindex@now5 zfs/testindex@now6 | sshpass -p test2023 ssh root@bkp zfs recv zfs/testindex'
- the password would be changed after each invocation on the bkp system, although it would still offer a brief window where it could be grabbed and used
2. on live server, I zfs send the snapshot to a file
on bkp, I rsync that file via a simple pull and do zfs recv from it
#2 is much more secure but a bit less elegant I find. Is there a way to leverage send/receive without compromising access to the backup system?
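The pull-only shape of approach #1, as an added example that is not part of the original post: the backup host holds the only SSH key, runs `zfs send` on the live host over that key, and pipes the stream into a local `zfs recv`, so the live host never holds any credential for the backup host and there is no password to grab. The live host's `authorized_keys` entry for that key carries a forced command that refuses anything other than `zfs send`, and each received snapshot is pinned with `zfs hold` so a bare `zfs destroy` on the backup pool fails as well. `root@live`, the key path `/root/.ssh/zfs_pull`, the forced-command path `/usr/local/sbin/zfs-send-only` and the hold tag `backup` are assumed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example (not the poster's setup): pull-only ZFS replication driven from
# the backup host. Control and credentials stay on bkp; data flows live -> bkp.

LIVE_HOST="${LIVE_HOST:-root@live}"          # assumed SSH target on the live host
BKP_KEY="${BKP_KEY:-/root/.ssh/zfs_pull}"    # assumed key path on the backup host

# Accept only characters that can appear in a ZFS dataset/snapshot name, so no
# shell metacharacters are ever interpolated into the remote command.
valid_zfs_name() {
    case "$1" in
        ''|-*) return 1 ;;                         # empty or option-looking
        *[!A-Za-z0-9_./@:-]*) return 1 ;;          # anything outside the safe set
        *) return 0 ;;
    esac
}

# Build the remote 'zfs send' command. Empty FROM means a full (non-incremental) send.
build_send_cmd() {
    ds="$1"; from="$2"; to="$3"
    valid_zfs_name "$ds" || return 1
    valid_zfs_name "$to" || return 1
    if [ -n "$from" ]; then
        valid_zfs_name "$from" || return 1
        printf 'zfs send -i %s@%s %s@%s' "$ds" "$from" "$ds" "$to"
    else
        printf 'zfs send %s@%s' "$ds" "$to"
    fi
}

# Guard for the forced command on the live host. Installed as the assumed
# /usr/local/sbin/zfs-send-only, it would run:
#   send_only_guard "$SSH_ORIGINAL_COMMAND" && exec $SSH_ORIGINAL_COMMAND
# so a stolen backup key can read snapshots but cannot run anything else.
send_only_guard() {
    case "$1" in
        *[';|&`$()<>']*) return 1 ;;      # reject shell metacharacters outright
        'zfs send '*)    return 0 ;;      # only 'zfs send ...' is allowed
        *)               return 1 ;;
    esac
}

# authorized_keys line for the live host: forced command plus no forwarding/pty.
restricted_authorized_key() {
    pub="$1"
    printf 'command="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' \
        '/usr/local/sbin/zfs-send-only' "$pub"
}

# Pull one snapshot into TARGET on the backup pool and pin it against deletion.
pull_snapshot() {
    ds="$1"; from="$2"; to="$3"; target="$4"
    cmd="$(build_send_cmd "$ds" "$from" "$to")" || { echo "refusing bad name" >&2; return 1; }
    ssh -i "$BKP_KEY" "$LIVE_HOST" "$cmd" | zfs recv -u "$target" || return 1
    zfs hold backup "$target@$to"   # 'zfs destroy' now fails until the hold is released
}

# Usage on the backup host (not run here):
#   pull_snapshot zfs/testindex now5 now6 zfs/testindex
```

Because the live host only ever sees an inbound, forced-command SSH session, root on the live host gains nothing toward the backup pool; the remaining exposure is whatever the backup host itself accepts, which is why the `zfs hold` is added as a second layer there.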