Re: [BackupPC-users] [newb] ssh rsync with restricted permissions

I'm deliberately top-posting to ask, did you setup everything the
"standard" way and get it working?  If not, try that first and then
start changing things.  The above (below) suggestion may simply be
failing due to some other setup issue, not the security issue that
concerns you.  And I am not expert enough to diagnose much at all, and
certainly not a non-standard setup :)

> Can really nobody help me out, or should I start a new subject?

Uh, there were 6-7 suggestions/replies.  We're trying.

A.

On Wed, Mar 30, 2011 at 5:45 PM, yilam <backuppc-forum AT backupcentral DOT 
com> wrote:
> Well I tried your setup (need I say I am new to backuppc?) with on the client:
>
> * /etc/sudoers:
> Cmnd_Alias      BACKUP = /usr/bin/rsync --server --daemon *
> buclient          my-host = NOPASSWD: BACKUP
>
> * ~buclient/.ssh/authorized_keys2
> no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding,command="sudo 
> /usr/bin/rsync --server --daemon --config=/etc/rsyncd.conf ." ssh-rsa 
> AAAAB....
>
> * /etc/rsyncd.conf
> uid = root
> pid file = /var/lib/buclient/run/rsyncd.pid
> use chroot = no
> read only = true
> transfer logging = true
> log format = %h %o %f %l %b
> syslog facility = local5
> log file = /var/lib/buclient/log/rsyncd.log
> [fullbackup]
>        path = /var/log/exim4
>        comment = backup
>
> >From the server (backuppc machine), I can do the following:
>
> /usr/bin/rsync -v -a -e "/usr/bin/ssh -v -q -x -2 -l buclient -i 
> /var/lib/backuppc/.ssh/id_rsa" [email protected]::fullbackup /tmp/TEST
>
> However, I have not found the correct $RsyncClientCmd to use, for backuppc to 
> work. The following value
> $Conf{RsyncClientCmd} = '$sshPath -q -x -l buclient -i 
> /var/lib/backuppc/.ssh/id_rsa.backuppc_casiopei $host $rsyncPath $argList+';
>
> Gives me (using /usr/share/backuppc/bin/BackupPC_dump -v -f 192.168.1.1):
> [...]
> full backup started for directory fullbackup
> started full dump, share=fullbackup
> Error connecting to rsync daemon at 192.168.1.1:22: unexpected response 
> SSH-2.0-OpenSSH_5.1p1 Debian-5
>
> Got fatal error during xfer (unexpected response SSH-2.0-OpenSSH_5.1p1 
> Debian-5
> )
> [...]
>
> And on the client, I have, in /var/log/auth.log:
> Mar 30 23:35:22 my-host sshd[1389]: Bad protocol version identification 
> '@RSYNCD: 28' from 192.168.1.22
>
> Any ideas on how to get this to work (BTW, server is Debian/Squeeze, client 
> is Debian/Lenny).
>
> Thank you
>
> tom
>
> +----------------------------------------------------------------------
> |This was sent by sneaky56 AT gmx DOT net via Backup Central.
> |Forward SPAM to abuse AT backupcentral DOT com.
> +----------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------------
> Create and publish websites with WebMatrix
> Use the most popular FREE web apps or write code yourself;
> WebMatrix provides all the features you need to develop and
> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
> _______________________________________________
> BackupPC-users mailing list
> BackupPC-users AT lists.sourceforge DOT net
> List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:    http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
>



-- 
"It turns out there is considerable overlap between the smartest bears
and the dumbest tourists."

------------------------------------------------------------------------------
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/