Subject: Encrypting Backups
To: None <tech-security@netbsd.org>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 09/30/2003 14:16:35
I currently back up some of my systems by using dump, piping that
through gzip, and then piping that into an ssh which, on the remote
machine, terminates in a special script to drop the file in the
appropriate place on the disk. (The script is the "shell" for a special
account.)

The script is basically this:

    #!/bin/sh
    # Should be owned by tape:wheel, and perms 0370.
    # Installed as the login shell of the backup account; sshd runs it
    # as "shell -c filename", so $1 is "-c" and $2 is the filename.
    tapedir=/archive/tape
    umask 707
    shift   # Get rid of first argument: -c
    # Reject any name containing a slash so it cannot escape $tapedir.
    if echo "$1" | grep / >/dev/null 2>&1; then
        echo 1>&2 "Can't have a slash in filename."
        exit 1
    fi
    cat >"$tapedir/$1"

The permissions forbid overwriting files in /archive/tape, and so even
if someone could get hold of a secret key used to log in, and log in
from the appropriate host (individual keys used for various machines are
only valid from specific hosts), it seems to me the worst damage someone
could do to me would be to fill up the disk. Does anyone see any other
possible security problems here?

Second, I'd like to encrypt these backups, since it's looking like it would
be more convenient for me to leave them on a machine which, unfortunately,
has a certain amount of public access. Does anyone have any suggestions on
what to use?

I'm thinking of using gpg, but after playing around for a bit I'm
stymied on what options I can give gpg to stop it attempting to create
key rings and all of that, and just encrypt stdin to stdout using a
given public key.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.NetBSD.org
    Don't you know, in this new Dark Age, we're all light.  --XTC
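A hardened version of the receiving script, as an added example that is not the script from the message above: it accepts only a whitelisted filename instead of merely rejecting slashes, and uses the shell's noclobber mode (O_EXCL create) so an existing dump can never be truncated even if the directory permissions were wrong. It assumes the client key is installed with an authorized_keys `command=` option so the requested name arrives in SSH_ORIGINAL_COMMAND; the TAPEDIR variable and the function names are this example's own.

```shell
#!/bin/sh
# Receiver for the dump | gzip | ssh pipeline, forced-command style.
# Example code, not the original script.

# Accept only a conservative filename: letters, digits, dot, dash and
# underscore, no leading dot (rules out ".", ".." and hidden files),
# at most 64 characters.  Returns 0 if acceptable, 1 otherwise.
safe_filename() {
    name=$1
    [ -n "$name" ] || return 1
    [ ${#name} -le 64 ] || return 1
    case $name in
        .*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Write stdin to "$1/$2".  The subshell sets a private umask and
# noclobber (set -C), so the redirection fails instead of truncating
# a file that already exists; this holds even if the directory mode
# would otherwise permit overwriting.
# Returns 0 on success, 1 for a rejected name, 2 if the file exists
# or cannot be written.
store_stream() {
    dir=$1
    name=$2
    safe_filename "$name" || return 1
    (umask 077; set -C; cat > "$dir/$name") || return 2
}

# Entry point when invoked by sshd as a forced command: the client's
# whole original command line is taken as the requested filename
# (a convention assumed by this example).
if [ -n "${SSH_ORIGINAL_COMMAND-}" ]; then
    store_stream "${TAPEDIR:-/archive/tape}" "$SSH_ORIGINAL_COMMAND" \
        || { echo "refused: bad filename or file exists" 1>&2; exit 1; }
fi
```

Because the client can only ever create new files, the worst a stolen key can still do is consume disk space, which is the failure mode the message already accepts; a quota on the backup filesystem bounds that.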