It took me forever to find out what that mysterious agent is that is started up on the remote side.
As it seems it is just:
pg_probackup-11 agent
Which is documented absolutely nowhere, not even when entering pg_probackup-11 --help (at least I was unable to find it).
Would be great if it would be documented. It makes it a lot easier to properly restrict access.
Also, the documentation should be updated about how to properly restrict the ssh access on the backup server, since this is absolutely necessary, because otherwise, if an attacker manages to get access to the postgres user on the database server, he'd be able to delete the productive database AND all backups of it.
(Yes, admins should already know that, but we all know what reality looks like ;-) )
So on the backup server the ssh access should be restricted at least with
command="/usr/bin/pg_probackup-11 agent" in ~/.ssh/authorized_keys. In most cases restricting port-forwarding etc. would also be a good idea.
And it would be a good idea to do the same on the db server side.
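
An added example, not part of the original issue and not pg_probackup project code: a small Python audit of an authorized_keys file on the backup server that flags entries lacking the forced command quoted above or lacking disabled forwarding (the OpenSSH restrict option, or the individual no-* options). The sample entries and key material are constructed placeholders, and the function names are hypothetical.

```python
FORCED = "/usr/bin/pg_probackup-11 agent"   # forced command named in the issue
NO_OPTS = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")       # a line starting with these has no options

# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = """\
# backup server: ~/.ssh/authorized_keys
ssh-ed25519 AAAAPLACEHOLDER postgres@db
command="/usr/bin/pg_probackup-11 agent" ssh-ed25519 AAAAPLACEHOLDER postgres@db
command="/usr/bin/pg_probackup-11 agent",restrict ssh-ed25519 AAAAPLACEHOLDER postgres@db
"""

def parse_options(line):
    """Return {lowercased option: value or None} from one authorized_keys line."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 2      # \" inside a quoted value
            continue
        if ch == '"':
            quoted = not quoted            # quotes delimit, they are not kept
        elif not quoted and ch == ",":
            opts.append(cur)
            cur = ""
        elif not quoted and ch in " \t":
            break                          # options field ends at first bare space
        else:
            cur += ch
        i += 1
    opts.append(cur)
    return {o.partition("=")[0].lower(): (o.partition("=")[2] if "=" in o else None)
            for o in opts}

def audit(text):
    """Map line number -> list of findings for every key entry in text."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, found = parse_options(line), []
        if opts.get("command") != FORCED:
            found.append("no forced pg_probackup agent command")
        if "restrict" not in opts and NO_OPTS - opts.keys():
            found.append("missing: " + ", ".join(sorted(NO_OPTS - opts.keys())))
        report[n] = found
    return report
```

Calling audit(SAMPLE) reports two findings for the bare key, one for the entry with only command=, and none for the entry that also carries restrict. The check looks only for the presence of these options; it does not detect an option that re-enables a feature after restrict.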