I'm trying to set up a centralized backup server on RHEL 3.0, which will use rsync over ssh to pull certain directories from the ssh server/rsync source to the ssh client/rsync destination. Here's an example of the command, in a script run via cron as root:

rsync --rsh="ssh -i /root/.ssh/rsync-id_rsa" \
-avR --stats --delete --max-delete=100 \
$HOST:/etc/ $CURR_DIR

$HOST would be static but $CURR_DIR would vary on each call - it basically contains a path containing the date and time, such as:

HOST=myserver
CURR_DIR=/var/spool/backups/$HOST/2004-02-04.18

for a backup run on Feb 4, 2004 at 6pm.

I've set up a non-password-protected private key as noted above to allow non-interactive complete access to all files I want to back up. I'm currently using "PermitRootLogin without-password" in sshd_config and the from="myclient", no-port-forwarding, no-X11-forwarding, no-agent-forwarding, no-pty options in authorized_keys to restrict how this key can be used. But this method would allow anyone who managed to obtain the private key non-password-protected root access to all servers which are being backed up with this approach - hopefully without a terminal, but I don't know what risks there are in this technique.

I was hoping to use the command="command" option, but from the description in the man pages it seems like this wouldn't work, since it seems like the command must be static, any command I send is ignored, and I'm not sure of which command I'd run on the other end to implement the rsync technique I want to do in any case.

I did think potentially the remote command could use environment variables which I could set remotely via "PermitUserEnvironment yes" in sshd_config, hopefully thereby allowing the remote command to be static, but I don't see how this would work with rsync using ssh as an underlying transport.

Questions:
1. Does anyone think that the technique I'm using today is simply too insecure? Even with the server locked up in a room with no user access and running no daemons?

2. Is there a way to implement what I'm trying to do with rsync using some variant of the command="" option to prevent any other use of this non-password-protected key?

Thanks in advance!

Mike

P.S. Please, no spam even though I'm posting through Google and can't hide my email address!
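An added example, not part of Mike's post, of the forced-command approach his second question asks about: sshd runs the static command= program in place of whatever the client requested and exposes the request in SSH_ORIGINAL_COMMAND, so a wrapper can inspect it and exec a fixed rsync binary only for the sender-side invocation of an allowlisted directory. The wrapper path, the allowlist, the authorized_keys line and the exact option letters rsync sends are assumptions, not values from the post.

```shell
#!/bin/sh
# rsync-wrapper: forced command for the backup key.  Assumed authorized_keys line
# (constructed, not from the original post):
#   command="/usr/local/sbin/rsync-wrapper",from="myclient",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...
# sshd runs this instead of whatever the client asked for and leaves the client's
# request in SSH_ORIGINAL_COMMAND; we only honour an rsync sender for allowed paths.
set -f                                   # never glob-expand words taken from the client

RSYNC=/usr/bin/rsync                     # fixed binary path; the client cannot substitute it
ALLOWED_PATHS="/etc/ /var/lib/backup-me/" # constructed allowlist; must match rsync's form exactly

# allow_rsync_cmd CMD -> 0 only for "rsync --server --sender <-options...> . <allowed path>",
# which is what the remote side of "rsync -avR host:/etc/ dest" receives.
allow_rsync_cmd() {
    set -- $1                            # split on whitespace; set -f keeps it glob-free
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    # Every word up to the lone "." must be an option built from safe characters only
    # (no "=", "/", quotes, ";", "$" ...), so --files-from=/etc/shadow and friends are refused.
    while [ $# -gt 0 ] && [ "$1" != . ]; do
        case $1 in
            -*) ;;
            *) return 1 ;;
        esac
        case $1 in
            *[!A-Za-z.-]*) return 1 ;;
        esac
        shift
    done
    [ $# -eq 2 ] || return 1             # exactly "." and one path remain; trailing words are refused
    shift
    for allowed in $ALLOWED_PATHS; do
        [ "$1" = "$allowed" ] && return 0
    done
    return 1
}

# Dispatch only when sshd invoked us (it sets SSH_CONNECTION); when the file is
# sourced elsewhere, e.g. to test the policy, only the function is defined.
if [ -n "${SSH_CONNECTION:-}" ]; then
    if allow_rsync_cmd "${SSH_ORIGINAL_COMMAND:-}"; then
        set -- $SSH_ORIGINAL_COMMAND
        shift                            # drop the client's "rsync" word; exec our fixed binary
        exec "$RSYNC" "$@"
    fi
    logger -p auth.warning "rsync-wrapper: denied ${SSH_ORIGINAL_COMMAND:-(no command)}"
    exit 1
fi
```

Because the key is still a root key, PermitRootLogin without-password remains necessary on the source host; the wrapper narrows what that key can do, and the denial log line gives a detection hook for anyone trying the key for anything other than the expected pull.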