BackupPC-users

Re: [BackupPC-users] sshd on client?

2008-12-27 11:37:41
Subject: Re: [BackupPC-users] sshd on client?
From: Holger Parplies <wbppc AT parplies DOT de>
To: gayleard AT eircom DOT net
Date: Sat, 27 Dec 2008 17:34:54 +0100
Hi,

Timothy Murphy wrote on 2008-12-27 12:19:48 +0000 [Re: [BackupPC-users] sshd on client?]:
> Nils Breunese (Lemonbit) wrote:
> >Timothy Murphy wrote:
> >> Sorry, /etc/BackupPC/config.pl is 2165 lines long.
> >> I've no intention of reading that.
> >> Life is too short.

so you'd rather spend your and our time discussing why your setup is not
working? Well, thanks a lot. Life is too short to bother helping you then.
Actually, reading documentation usually *saves* time when you're dealing
with something more versatile than an oven knob.

> > If you're serious about doing backups, I recommend you really read
> > through the configuration. I read all of it and afterwards I
> > understood a lot more about how BackupPC works, what it's doing
> > exactly and what kind of things can be changed and tweaked. 
> 
> You are a guru.
> I am just a newbie user.

I would summarize differently:
Nils wants to rely on his backups doing what they are supposed to, in the most
efficient manner.
You seem to want to do backups because someone said it's cool.

> I feel I am inundated with far too much information.
> My RAM is full.

I know the feeling. That makes you miss some things that would be important to
you - not to get them for free, sadly.

> I want to learn the minimum necessary to play music on my laptop.
> run BackupPC, etc.

You don't *need* to do backups. If you feel it is necessary *for you*, you
will need to invest as much time as it takes to get things up and running
satisfactorily *for you*. Nobody is saying you need to do a full restore to
see if things are working properly. Nobody is saying you need to keep an
offsite image of your pool. Nobody is saying you must not use remote root
access to obtain your backups. In fact, I'm saying I can't decide for you what
you need to do *in your circumstances*. But, trust me, if there were a
comprehensive tutorial like you are requesting other people should write for
you, it would likely contain the above points. If you write a guide "for
dummies", why not make them do things right, even if it means a lot of work
for them? At least nobody will complain later on, that something went wrong.

> I don't want to tweak anything, unless that is essential.

Again: who defines "essential" and how does he define it?


For the archives: Nils and Les both correctly pointed out that you generate
the ssh key *on the BackupPC server* and copy the *public part* to the
authorized_keys file of the target user on the client host(s) you are backing
up.

I would like to add (again) that using root as the target user means that
anyone gaining access to your BackupPC server (as user backuppc) has full root
access to your client hosts. This can easily be avoided by instead using a
non-privileged user and setting up 'sudo' for the command necessary for
making backups - if sudo is even needed (if the target user has read
permission for everything you want to back up, it isn't). If you also enable
*restores* this way, you are probably making it possible for a potential
attacker to overwrite /etc/shadow, thus giving him full root access again. You
cannot prevent someone who has access to the server as backuppc user from
reading (modifying, deleting) all the data in your backups, so protect your
server well. In particular, do *not* put gratuitous passwordless ssh keys in
~backuppc/.ssh/authorized_keys on the BackupPC server - you do not need them;
in fact this file does not even need to exist.

So, while the instructions posted twice by Timothy do not obviously break
things, they also solve no problem and potentially cause a security problem
(depending on your setup, of course).

Hope that helps.

Regards,
Holger
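
One way to enforce the "backups only, no restores" restriction described in the message above on a client, as an added example that is not part of the original post or of BackupPC: a forced-command gate for the unprivileged account. The account name `backuppc`, the script path `/usr/local/bin/backup-gate`, the rsync path and the sudoers line are assumptions, as is the use of the rsync transfer method.

```shell
#!/bin/sh
# Added example: forced-command gate for the unprivileged backup account on a client.
# Assumed setup (none of these names come from the original message):
#   ~backuppc/.ssh/authorized_keys on the client:
#       command="/usr/local/bin/backup-gate",no-pty,no-port-forwarding ssh-rsa AAAA... (public key)
#   sudoers on the client (only if sudo is needed at all):
#       backuppc ALL=(root) NOPASSWD: /usr/bin/rsync --server --sender *
RSYNC=/usr/bin/rsync

# Classify the command requested over ssh. Prints: backup | restore | other
classify_request() {
    req=$1
    nl='
'
    case $req in
        *[';&|$()<>`']*|*"$nl"*) echo other; return 0 ;;   # no shell metacharacters
    esac
    req=${req#sudo }                      # tolerate a leading "sudo"
    case $req in
        "$RSYNC --server --sender "*|"rsync --server --sender "*)
            echo backup ;;                # client only sends (reads) files
        "$RSYNC --server "*|"rsync --server "*)
            echo restore ;;               # client would receive (write) files
        *)
            echo other ;;
    esac
}

# sshd sets SSH_ORIGINAL_COMMAND when the key has a command= option.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if [ "$(classify_request "$SSH_ORIGINAL_COMMAND")" = backup ]; then
        set -f                            # split into words without globbing
        set -- ${SSH_ORIGINAL_COMMAND#sudo }
        shift                             # drop the requested rsync path, use ours
        exec sudo "$RSYNC" "$@"
    fi
    logger -t backup-gate "refused: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

Anything that is not a send-only rsync request, restores included, is logged to syslog and refused. The simple word splitting does not handle paths that contain spaces.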
