Re: [BackupPC-users] Problems to backup linux network computer

You can also use the sshd option:

PermitRootLogin without-password

This will only allow root logins with a key pair.

see man sshd_config(5) for more info.

Regards,
Sebastiaan

Jose Torres wrote:

I have ssh password access on, but removed the root password.  So I can
login but root requires the key.

But anyway I would like to do the "...connect as a different user and add a
sudo layer to run the backup."
(I could create a key for backuppc, remove the password and make it sudoer
on the remote server)

How would I do the sudo layer?


-----Original Message-----
From: Les Mikesell [mailto:lesmikesell AT gmail DOT com]Sent: Thursday, December 03, 2009 3:55 PM
To: General list for user discussion, questions and support
Subject: Re: [BackupPC-users] Problems to backup linux network computer

Jose Torres wrote:
This is the default backuppc tar command:$sshPath -q -x -n -l root $host env LC_ALL=C $tarPath -c -v -f - -C
$shareName+ --totals

I had this:
usr/bin/sudo $tarPath -c -v -f - -C $shareName --totals
This should have been in the per-pc config for the server host. Or(better) done in the web 'edit config' for the server host only.
I was missing that the $shareName parameter needed to be change to a NFS
mount from the network computer to be backup (serverv2v2) corresponding to
the remote '/' mount on the backuppc server (server2).  This way the
changed
tar command would have backup the correct data instead of the local '/'.
The mount had to be made with the root credentials so as to have read all
access, and mapped to the backuppc user to inherit the read all access on
the backup server.  The mount could be done a permanent mount or can be
made
DumpPreShareCmd/DumpPostShareCmd so as make and remove the mount during
backup.
Another way to solve it is to make the tar command back at default
(more/less):
$sshPath -q -x -n -l root $host env LC_ALL=C $tarPath -c -v -f - -C
$shareName --totals

I did this and it worked fine now. The thing will be that we need to use
ssh
with root user which can become a security breach.
You should probably consider using rsync over ssh for the remotemachine(s) because it has several advantages over tar. As forsecurity, there are some things you can do to limit ssh access. If themachine is internet-exposed you should make sure that password basedaccess is disabled - and you can restrict the commands that can beexecuted or even connect as a different user and add a sudo layer to runthe backup. But mostly you have to be very careful about access to theprivate key on the backuppc server so no one can copy it. If passwordaccess is off, someone must have the private side of the key to connect.

smime.p7s
Description: S/MIME Cryptographic Signature

------------------------------------------------------------------------------
Join us December 9, 2009 for the Red Hat Virtual Experience,
a free event focused on virtualization and cloud computing. 
Attend in-depth sessions from your desk. Your couch. Anywhere.
http://p.sf.net/sfu/redhat-sfdev2dev

_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/