From: Sebastiaan v. E. <se...@se...> - 2009-12-03 21:40:18
You can also use the sshd option:

PermitRootLogin without-password

This will only allow root logins with a key pair. See man sshd_config(5) for more info.

Regards,
Sebastiaan

Jose Torres wrote:
> I have ssh password access on, but removed the root password. So I can
> login but root requires the key.
>
> But anyway I would like to do the "...connect as a different user and add a
> sudo layer to run the backup."
> (I could create a key for backuppc, remove the password and make it sudoer
> on the remote server)
>
> How would I do the sudo layer?
>
>
> -----Original Message-----
> From: Les Mikesell [mailto:les...@gm...]
> Sent: Thursday, December 03, 2009 3:55 PM
> To: General list for user discussion, questions and support
> Subject: Re: [BackupPC-users] Problems to backup linux network computer
>
> Jose Torres wrote:
>> This is the default backuppc tar command:
>> $sshPath -q -x -n -l root $host env LC_ALL=C $tarPath -c -v -f - -C
>> $shareName+ --totals
>>
>> I had this:
>> usr/bin/sudo $tarPath -c -v -f - -C $shareName --totals
>
> This should have been in the per-pc config for the server host. Or
> (better) done in the web 'edit config' for the server host only.
>
>> I was missing that the $shareName parameter needed to be changed to a NFS
>> mount from the network computer to be backed up (serverv2v2) corresponding to
>> the remote '/' mount on the backuppc server (server2). This way the changed
>> tar command would have backed up the correct data instead of the local '/'.
>> The mount had to be made with the root credentials so as to have read all
>> access, and mapped to the backuppc user to inherit the read all access on
>> the backup server. The mount could be done as a permanent mount or can be made
>> in DumpPreShareCmd/DumpPostShareCmd so as to make and remove the mount during
>> backup.
>>
>> Another way to solve it is to make the tar command back at default
>> (more/less):
>> $sshPath -q -x -n -l root $host env LC_ALL=C $tarPath -c -v -f - -C
>> $shareName --totals
>>
>> I did this and it worked fine now. The thing will be that we need to use ssh
>> with root user which can become a security breach.
>
> You should probably consider using rsync over ssh for the remote
> machine(s) because it has several advantages over tar. As for
> security, there are some things you can do to limit ssh access. If the
> machine is internet-exposed you should make sure that password based
> access is disabled - and you can restrict the commands that can be
> executed or even connect as a different user and add a sudo layer to run
> the backup. But mostly you have to be very careful about access to the
> private key on the backuppc server so no one can copy it. If password
> access is off, someone must have the private side of the key to connect.
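
One way to combine the "restrict the commands" and "different user plus sudo layer" suggestions quoted above, as an added example that is not part of the thread and not BackupPC's own code. The script path, the sudoers file, the /bin/tar location, the "/" share and the exact form of the full and incremental requests are assumptions.

```sh
#!/bin/sh
# backup-gate: forced command for the unprivileged backup key (added example).
# Assumed setup on the host being backed up; every name here is constructed:
#   ~backuppc/.ssh/authorized_keys (one line):
#     command="/usr/local/bin/backup-gate",no-pty,no-port-forwarding,
#       no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER>
#   /etc/sudoers.d/backuppc:
#     backuppc ALL=(root) NOPASSWD: /bin/tar
#   BackupPC per-host tar command (the thread's default, as backuppc via sudo):
#     $sshPath -q -x -n -l backuppc $host env LC_ALL=C /usr/bin/sudo $tarPath
#       -c -v -f - -C $shareName+ --totals
# Assumes $tarPath=/bin/tar, share "/", and that BackupPC appends "." for a
# full and "--newer=YYYY-MM-DD\ HH:MM:SS ." for an incremental.

TAR_CMD='env LC_ALL=C /usr/bin/sudo /bin/tar -c -v -f - -C / --totals'

# Classify the requested command: print "full" or the incremental reference
# date; return 1 for anything that is not exactly one of the two backup forms.
gate_mode() {
    req=$1
    case $req in
        "$TAR_CMD .")
            echo full ;;
        "$TAR_CMD --newer="[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\\\ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]" .")
            d=${req#"$TAR_CMD --newer="}
            d=${d%" ."}
            # Drop the backslash that escaped the space for the remote shell.
            printf '%s\n' "$d" | tr -d '\\' ;;
        *)
            return 1 ;;
    esac
}

# sshd sets SSH_ORIGINAL_COMMAND when the key's owner requested a command.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    mode=$(gate_mode "$SSH_ORIGINAL_COMMAND") || {
        echo "backup-gate: rejected request" >&2
        exit 1
    }
    # Rebuild the command from fixed strings; the client's text is never
    # passed to a shell.
    if [ "$mode" = full ]; then
        exec env LC_ALL=C /usr/bin/sudo /bin/tar -c -v -f - -C / --totals .
    fi
    exec env LC_ALL=C /usr/bin/sudo /bin/tar -c -v -f - -C / --totals \
        "--newer=$mode" .
fi
```

The sudoers rule by itself does not constrain tar's arguments; in this setup the gate is what limits the key to the two backup forms, so the backuppc account on the remote host should have no other way to log in.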