Sat Dec 26 09:54:35 CET 2009

rsync backups

Idea: use push backups.  On the backup host, allow a separate
non-passphrase key to dial into rsync using only a very specific
command line.

1. Make a key using ssh-keygen
2. cat key >> authorized_keys
3. edit the line to contain a command=/path/to/validation-script

When telling ssh to use a particular key, you need to also disable
attempting to do otherwise.  I fixed it with the following config script:

HashKnownHosts no
Host *
ForwardAgent no
ForwardX11 no
IdentityFile /root/backup/key
IdentitiesOnly yes