[rdiff-backup-users] Re: rdiff unattended backup questions.
From: Troels Arvin
Subject: [rdiff-backup-users] Re: rdiff unattended backup questions.
Date: Thu, 18 Aug 2005 14:56:56 +0200
User-agent: Pan/0.14.2.91 (As She Crawled Across the Table)

On Wed, 17 Aug 2005 21:54:45 -0800, Noah wrote:
> but I want to do something a little different. I want the machine that I am
> backing up to initiate the ssh connection to the server that is providing the
> backup space. I still want the rdiff-backup exchange to be handled by ssh.

First, let's agree on terminology:

  backup-host: host storing the backup data
  production-host: host where the data originated from

In your case, the production-host will ssh to the backup-host and push
data: production-host ---ssh---> backup-host.

I assume that on the production-host, you will be using the root account.
On the backup host, I don't know which login you will use; let's call that
account "BACKUPUSER".

Now, first you need to make sure that root at production-host can do the
following without having to enter a password:

  ssh address@hidden

This normally entails:

 1. address@hidden runs "ssh-keygen -t rsa" which yields some
    files in ~root/.ssh/
 2. Transport the contents of ~root/.ssh/id_rsa.pub (one line)
    and add it to BACKUPUSER's .ssh/authorized_keys file on backup-host.
    Make sure that BACKUPUSER's .ssh directory and authorized_keys
    directory/file may only be written to by BACKUPUSER (otherwise
    ssh will refuse to use authorized_keys).
 3. Now, address@hidden should be able to ssh backup-host
    as user BACKUPUSER.

After this has been set up, the rest should be easy:

 a. learn how to use rdiff-backup
 b. adjust BACKUPUSER's authorized_keys file, tightening
    up security, perhaps adjusting so that the relevant
    line looks somewhat like this (one long line):

from="11.22.33.44",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="rdiff-backup --server" ssh-rsa AAAA....XXXX address@hidden

(Read ssh's manual pages for more on this.)

--
Greetings from Troels Arvin
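
Added example, not part of the original message: a Python check that parses the option field of an authorized_keys line and reports which of the restrictions from the line in step b are missing, plus a test for the write-permission condition from step 2. The function names, the sample lines and the root@production-host key comment are constructed for illustration.

```python
import os
import stat

# Restrictions set on the backup key in the message's example line.
REQUIRED = ("from", "command", "no-pty", "no-port-forwarding",
            "no-x11-forwarding", "no-agent-forwarding")
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options

# Constructed sample lines; key blob and comment are placeholders.
RESTRICTED = ('from="11.22.33.44",no-pty,no-port-forwarding,no-X11-forwarding,'
              'no-agent-forwarding,command="rdiff-backup --server" '
              'ssh-rsa AAAA....XXXX root@production-host')
UNRESTRICTED = "ssh-rsa AAAA....XXXX root@production-host"


def parse_options(line):
    """Return the option field of an authorized_keys line as {name: value}."""
    line = line.strip()
    if line.startswith(KEY_PREFIXES):
        return {}
    opts, token, in_quotes = {}, "", False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes      # quotes delimit values, drop them
        elif ch in ", " and not in_quotes:
            name, _, value = token.partition("=")
            opts[name.lower()] = value     # option names are case-insensitive
            token = ""
            if ch == " ":
                break                      # unquoted space ends the option field
        else:
            token += ch                    # includes commas/spaces inside quotes
    return opts


def missing_restrictions(line):
    """List the restrictions from REQUIRED that a key line does not set."""
    opts = parse_options(line)
    return [name for name in REQUIRED if name not in opts]


def writable_by_others(path):
    """True if group or other can write to path (.ssh or authorized_keys)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


if __name__ == "__main__":
    for sample in (RESTRICTED, UNRESTRICTED):
        print(missing_restrictions(sample) or "all restrictions present")
```

Run `missing_restrictions` over each non-comment line of BACKUPUSER's authorized_keys, and `writable_by_others` on both the .ssh directory and the file itself.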