BackupPC-users

Re: [BackupPC-users] sshd on client?

2008-12-26 22:51:23
Subject: Re: [BackupPC-users] sshd on client?
From: Timothy Murphy <gayleard AT eircom DOT net>
To: backuppc-users AT lists.sourceforge DOT net
Date: Sat, 27 Dec 2008 03:49:10 +0000
Holger Parplies wrote:

> actually, ssh is most useful for inter-realm access. On my local intranet,
> password and data snooping are not a real threat. I use ssh anyway, out of
> habit.

Surely it is quite difficult to use anything else on a Linux system?
What is the alternative?

> But who says my user name for my university account, work account,
> home account are all identical?

Fortunately I am lucky enough to be able to use the same name everywhere.

>> >>> That is what I found to be the essential point in getting BackupPC
>> >>> working.
>> >>> Amazingly, it did not seem to be stated clearly in any of the
>> >>> tutorials
> 
> Two points strike me when reading this:
> 
> 1.) There is an evident misconception of the scope of BackupPC.
>     ssh is not part of BackupPC. BackupPC provides about four transfer
>     methods ($Conf{XferMethod}): tar, smb, rsync and rsyncd ('BackupPCd'
>     omitted on purpose). For network backups (but not local backups!) you
>     need to provide a method to bridge the gap between local host and
>     remote host. For smb and rsyncd, the protocol itself does this (but
>     you may want to trick it into using an ssh tunnel). For tar and rsync,
>     you can use anything that works for you.
>     Most people probably use ssh, because that is secure and fairly easy
>     to set up. I use NFS in one setup - no ssh involved. I could imagine
>     using rsh or even netcat in a trusted environment. Or, of course, any
>     home-grown protocol that transparently passes data over the network.
>     You see that it is impossible to document all conceivable cases,
>     because they are essentially site-specific. That is true even for the
>     classic 'rsync over ssh' case. Probably all security-conscious people
>     do *not* 'ssh -l root ...'. I use the backuppc user on the remote end
>     and then 'sudo' to gain root access for the rsync command and that
>     only. So it is specific to *your* setup and *your* requirements which
>     access you actually need to test. Furthermore, it is documented in
>     *your* configuration files, which access is actually used.

The difference between us is, in brief, that I don't want to know
99 ways of doing something,
and I don't want to have to read the Encyclopedia Britannica
in order to find out how to turn on the oven.

I imagine 99% of people use rsync with BackupPC on Linux systems,
so personally I would prefer the other methods to be relegated
to an appendix.

I also imagine 99% of people download a binary version of BackupPC,
so the basic question is what changes from the default one has to make.
In my case the only change on the clients
is to specify the directories I want to back up,
and the only change on the server is to specify which machines
are allowed to access it.

The rest is setting up ssh to work as root on the clients,
and this requires 3 steps:
1. ssh-keygen as root on the client
2. scp .ssh/id_rsa.pub from /root on the client to the server
   and append to ~backuppc/.ssh/authorized_keys .
3. run "ssh -l root <client>" as backuppc on the server.

In other words, as far as I can see,
complete instructions could be given on half a page,
at least in the case of CentOS-5.2, which I am using.

Maybe other distributions are more complicated?

>> > and in the case of backuppc it is not clear that this is what is
>> > being done,
>> > unless one looks "behind the scenes".
> 
> As I said, "behind the scenes" means "what *you* configured". If you use
> the default values, you will need to understand what they mean. You should
> at least have *looked at* the values, in which case you should have
> noticed the 'ssh -q -x -l root $host ...'

Sorry, /etc/BackupPC/config.pl is 2165 lines long.
I've no intention of reading that.
Life is too short.


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
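
The quoted reply notes that the access actually used is documented in the site's own configuration file, and the message objects that the file runs to 2165 lines. The script below is an added example, not part of the original message or of BackupPC: it lists only the client command settings (BackupPC 3.x names such as RsyncClientCmd and TarClientCmd) and tags each by how it reaches the client. The function names, the ROOT-LOGIN/SUDO/OTHER labels and the sample configuration are constructed for illustration.

```shell
# Added example: list how each BackupPC client command reaches the client.
# Hypothetical helper names; the sample config below is constructed.

# Write a constructed sample config.pl fragment to the path in $1.
write_sample_config() {
    cat > "$1" <<'EOF'
$Conf{XferMethod} = 'rsync';
# $Conf{RsyncClientCmd} = 'commented-out line, must be ignored';
$Conf{RsyncClientCmd} = '$sshPath -q -x -l root $host $rsyncPath $argList+';
$Conf{RsyncClientRestoreCmd} = '$sshPath -q -x -l backuppc $host sudo $rsyncPath $argList+';
$Conf{TarClientCmd} = '$sshPath -q -x -n -l root $host'
                    . ' env LC_ALL=C $tarPath -c -v -f - -C $shareName+'
                    . ' --totals';
$Conf{TarClientRestoreCmd} = '$tarPath -x -p -f - -C $shareName+';
EOF
}

# Print "<TAG> <setting>" for every active ...ClientCmd / ...ClientRestoreCmd:
#   ROOT-LOGIN  ssh logs in directly as root (-l root or root@host)
#   SUDO        unprivileged login, command run through sudo
#   OTHER       anything else (local command, other transport)
audit_client_cmds() {
    awk '
        # An uncommented assignment starts a (possibly multi-line) statement.
        /^[ \t]*[$]Conf[{][A-Za-z]+Client(Restore)?Cmd[}]/ { collecting = 1; stmt = "" }
        collecting {
            stmt = stmt " " $0
            if ($0 ~ /;[ \t]*$/) {            # Perl statement ends here
                collecting = 0
                name = stmt
                sub(/^[ \t]*[$]Conf[{]/, "", name)
                sub(/[}].*/, "", name)
                if (stmt ~ /-l[ \t]+root([^A-Za-z0-9_]|$)/ || stmt ~ /root@/)
                    tag = "ROOT-LOGIN"
                else if (stmt ~ /[ \t]sudo[ \t]/)
                    tag = "SUDO"
                else
                    tag = "OTHER"
                print tag, name
            }
        }
    ' "$1"
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_config "$sample"
audit_client_cmds "$sample"
rm -f "$sample"
```

On a real server the function would be pointed at /etc/BackupPC/config.pl and at any per-host override files.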

