Please note: the following is _no longer_ an issue as of
rsync-backup v0.2.5.  This question and


1.	I know ssh very well and it is obvious to me not to use the root 
password for this task. But I can not follow you how it could happen
to wipe out the servers root partition when doing so. What's the
matter?

A.	When using ssh rsa or dsa keys I can force which command gets
run for a given key.  I always force the command to 
"/usr/sbin/rsync-backup-server", so the server side rsync always runs 
chrooted under /backups/the_ip_address_of_the_client/ .

	If someone started up the backup process using a password, the    
server end would no longer be forced to run
/usr/sbin/rsync-backup-server, but would instead run the server side
rsync binary instead.  The client would be syncing up it's files with
the root partition on the server side.  The server side root partition
would be replaced with the clients root partition.  :-(

	As of rsync-backup v0.2.5, the client forces the path to the
rsync binary; the path is forced to /usr/sbin/rsync-backup-server . 
Sneaky, but it works well.  Now, if someone runs the client without
using ssh keys, the root partition of the backup server is no longer in
danger.  The only quirk is that there is no longer a way to specify a
backup name, meaning that all backups will again be placed under their
source IP address (only an issue if you're using named backups).