Remote access controls
When designing a backup plan, remember that if an attacker compromises a computer, they may be able to delete its backups too.
To address this, bupstash supports access controls on remote repositories that can be configured on a per ssh key basis.
The mechanism is sshd's ForceCommand: whatever command the client asks to run, sshd instead runs a single instance of
bupstash serve that has been started with a limited, hard-coded set of permissions.
The following assumes you have a backup server running OpenSSH sshd with a user called
backups, and a client computer with an ssh client and bupstash installed.
In the sshd config file on your server (sshd_config) add the following lines:
Match User backups
ForceCommand "bupstash serve --allow-put /home/backups/bupstash-repository"
This means the backups user can only ever run the bupstash serve command, with a hard-coded set of permissions and repository path; any command the client requests is ignored. The repository must already exist on the server (created there with bupstash init), because this client is not granted --allow-init.
Next add the ssh public key you intend to use for backups to
$SERVER/home/backups/.ssh/authorized_keys, so that the client sending
backups can log in to the server as backups using key based ssh authentication.
Because of our sshd configuration, the client is only authorized to create new backups, not to list, fetch or remove them. With BUPSTASH_REPOSITORY on the client set to ssh://backups@$SERVER/home/backups/bupstash-repository (the path in the URL is irrelevant here, since the ForceCommand hard-codes the repository), the client sees:
$ bupstash put ./files
$ bupstash list
server has disabled query and search for this client
The bupstash serve command also supports allowing listing (--allow-list), fetching data (--allow-get), entry removal (--allow-remove) and garbage collection (--allow-gc). With these
options we can create a backup plan where client keys can only create new backups, while an administrator, using a separate key or user granted --allow-remove and --allow-gc, cycles old backups
from a secure machine. Note that a ForceCommand in sshd_config supersedes the command= option in authorized_keys, so if several keys with different permissions share the backups user, the per-key restrictions must be expressed in authorized_keys rather than in a Match User block.
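The following script is an added example and is not bupstash's own code or documentation. It generates per-key authorized_keys entries (rather than a per-user ForceCommand), so that a put-only client key and an administrator key that can list, fetch, remove and garbage-collect can share the backups account, and it audits an authorized_keys file to catch any key that was left unpinned and would therefore get a full shell. It assumes the repository path used above, that the repository has already been created on the server with bupstash init, and an OpenSSH sshd new enough to understand the restrict option; the public keys in it are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example (not bupstash's own code): per-key least-privilege entries
# for a bupstash backup server's authorized_keys, plus an audit check.
# Assumptions: repository at $REPO already created with `bupstash init`;
# public keys below are constructed placeholders.
set -eu

REPO=/home/backups/bupstash-repository

# Map a role to the bupstash serve permission flags it needs.
#   client: may only create new backups (no list/get/remove/gc/init).
#   admin:  may list, fetch, remove and garbage-collect, but not put.
serve_flags() {
  case "$1" in
    client) printf '%s' "--allow-put" ;;
    admin)  printf '%s' "--allow-list --allow-get --allow-remove --allow-gc" ;;
    *) echo "unknown role: $1" >&2; return 1 ;;
  esac
}

# Does ROLE ($1) get permission FLAG ($2)? Exit status 0 = yes, 1 = no.
grants() {
  case " $(serve_flags "$1") " in
    *" $2 "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Emit one authorized_keys line for ROLE ($1) and public key PUBKEY ($2).
# `restrict` disables port/agent/X11 forwarding and pty allocation;
# `command=` pins the key to one bupstash serve invocation regardless of
# what the client asks to run (the original request is only exposed to the
# server in SSH_ORIGINAL_COMMAND and bupstash serve ignores it).
authorized_keys_line() {
  role=$1; pubkey=$2
  printf 'restrict,command="bupstash serve %s %s" %s\n' \
    "$(serve_flags "$role")" "$REPO" "$pubkey"
}

# Audit an authorized_keys file: every key must start with `restrict` and
# carry a command= pinned to bupstash serve, otherwise that key gets a shell.
# Returns 0 if all keys are pinned, 1 otherwise (offenders on stderr).
audit_authorized_keys() {
  rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;
    esac
    case "$line" in
      'restrict,'*'command="bupstash serve '*) ;;
      *) echo "unpinned key: $line" >&2; rc=1 ;;
    esac
  done < "$1"
  return $rc
}

# Demo: print the two entries an operator would install in
# /home/backups/.ssh/authorized_keys (constructed placeholder keys).
authorized_keys_line client "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleClientKey client@laptop"
authorized_keys_line admin  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleAdminKey admin@secure-machine"
```

Install the generated lines with mode 600 in the backups user's authorized_keys and do not add a Match User backups / ForceCommand block for that user, since the ForceCommand would override the per-key command= and give every key the same permissions. The audit function is worth running from a cron job or a configuration check, because a single unpinned key in that file silently reintroduces the ability to delete the repository.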