|
 rdiff unattended backup questions.
On Wed, 17 Aug 2005 21:54:45 -0800, Noah wrote:
but I want to do something a little different. I want the machine that I am
backing up to intiate the ssh connection to the server that is providing the
backup space. I still want the rdiff-backup exchange to be handled by ssh.
First, let's agree on terminology:
backup-host: host storing the backup data
production-host: host where the data originated from
In your case, the production-host will ssh to the backup-host and push
data: production-host ---ssh---> backup-host.
I assume that on the production-host, you will be using the root account.
On the backup host, I don't know which login you will use; let's call that
account "BACKUPUSER".
Now, first you need to make sure that root at production-host can do the
following without having to enter a password:
ssh BACKUPUSER < at > backup-host
This normally entails:
1. root < at > production-host runs "ssh-keygen -t rsa" which yields some
files in ~root/.ssh/
2. Transport the contents of ~root/.ssh/id_rsa.pub (one line)
and add it to BACKUPUSER's .ssh/authorized_keys file on backup-host.
Make sure that BACKUPUSER's .ssh directory and authorized_keys
directory/file may only be written to by BACKUPUSER (otherwise
ssh will refuse to use authorized_keys).
3. Now, root < at > production-host should be able to ssh backup-host
as user BACKUPUSER.
After this has been set up, the rest should be easy:
a. learn how to use rdiff-backup
b. adjust BACKUPUSER's authorized_keys file, tightening
up security, perhaps adjusting so that the relevant
line looks somewhat like this (one long line):
from="11.22.33.44",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="rdiff-backup
--server" ssh-rsa AAAA....XXXX root < at > production-host
(Read ssh's manual pages for more on this.)
--
Greetings from Troels Arvin
|
