BackupPC-users

Re: [BackupPC-users] sshd on client?

2008-12-27 16:16:57
Subject: Re: [BackupPC-users] sshd on client?
From: Timothy Murphy <gayleard AT eircom DOT net>
To: backuppc-users AT lists.sourceforge DOT net
Date: Sat, 27 Dec 2008 21:14:23 +0000
Holger Parplies wrote:

>> >> Sorry, /etc/BackupPC/config.pl is 2165 lines long.
>> >> I've no intention of reading that.
>> >> Life is too short.
> 
> so you'd rather spend your and our time discussing why your setup is not
> working? Well, thanks a lot. Life is too short to bother helping you then.

Have you helped me, or tried to?
If so, thanks.
In either case, BackupPC is working perfectly for me now,
so hopefully I won't need your or anyone else's help.

> Actually, reading documentation usually *saves* time when you're dealing
> with something more versatile than an oven knob.

Only if it is reasonably terse.
E.g. no-one in their right mind reads sendmail or apache documentation.
You would be dead before you used the program itself.

>> > If you're serious about doing backups, I recommend you really read
>> > through the configuration. I read all of it and afterwards I
>> > understood a lot more about how BackupPC works, what it's doing
>> > exactly and what kind of things can be changed and tweaked.

That's the difference between us.
I don't really want to know how BackupPC works, as long as it works.

>> You are a guru.
>> I am just a newbie user.
> 
> I would summarize differently:
> Nils wants to rely on his backups doing what they are supposed to, in the
> most efficient manner.
> You seem to want to do backups because someone said it's cool.

Nobody told me it was cool.
I just thought it was about time I started backing up.
Actually I used to back up in a simple-minded way with rsync,
but BackupPC is much simpler (once it is working) as well as cooler.

>> I want to learn the minimum necessary to play music on my laptop,
>> run BackupPC, etc.
> 
> You don't *need* to do backups.

How do you know?
It would actually be a terrible nuisance, 
and take weeks if not months to recover,
if I lost everything on my system.

> If you write a
> guide "for dummies", why not make them do things right, even if it means a
> lot of work for them? 

But I don't think it does mean a lot of work.
If you tell people they must read vast documents in order to back up,
most people won't back up.

> For the archives: Nils and Les both correctly pointed out that you
> generate the ssh key *on the BackupPC server* and copy the *public part*
> to the authorized_keys file of the target user on the client host(s) you
> are backing up.

But what I did actually worked.
I think that running "ssh -l root <client>" as backuppc on the server
actually installs backuppc's info in root's known_hosts on the client.

> I would like to add (again) that using root as the target user means that
> anyone gaining access to your BackupPC server (as user backuppc) has full
> root access to your client hosts.

But that is the default in the CentOS-5.2 installation.
I do see the danger, though that wouldn't apply in my case (hopefully).

> This can easily be avoided by instead
> using a non-privileged user and setting up 'sudo' for the command
> necessary for making backups - if sudo is even needed (if the target user
> has read permission for everything you want to back up, it isn't). If you
> also enable *restores* this way, you are probably making it possible for a
> potential attacker to overwrite /etc/shadow, thus giving him full root
> access again. You cannot prevent someone who has access to the server as
> backuppc user from reading (modifying, deleting) all the data in your
> backups, so protect your server well. In particular, do *not* put
> gratuitous passwordless ssh keys in ~backuppc/.ssh/authorized_keys on the
> BackupPC server - you do not need them; in fact this file does not even
> need to exist.

I do see what you are saying, and I will think about it.
The instructions I followed were taken from one of the many tutorials
I looked at.



-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
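
The three points quoted above (which account the server logs in as, how far the client's sudo rule reaches, and whether the backuppc account on the server accepts inbound keys) can be checked with a short script. This is an added example, not part of the original message or of BackupPC; the account name "backuppc", the path /usr/bin/rsync, the category names and all sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: client account "backuppc",
# rsync installed at /usr/bin/rsync. All sample input is constructed.

# Print the account an ssh command line logs in as (the word after -l).
login_user() {
    u=$(printf '%s\n' "$1" | sed -n 's/.* -l  *\([^ ]*\).*/\1/p')
    echo "${u:-unknown}"
}

# Classify one sudoers line for the backuppc account:
#   full-root        any command as root, no better than logging in as root
#   restore-capable  rsync in either direction, so files such as /etc/shadow
#                    can be overwritten (the restore risk raised in the thread)
#   sender-only      rsync restricted to sending, i.e. the backup direction
sudo_scope() {
    case $1 in
        backuppc*NOPASSWD:*) ;;
        *) echo unrelated; return 0 ;;
    esac
    cmd=$(printf '%s\n' "${1#*NOPASSWD:}" | sed 's/^[[:space:]]*//')
    case $cmd in
        ALL*)                                echo full-root ;;
        "/usr/bin/rsync --server --sender"*) echo sender-only ;;
        /usr/bin/rsync*)                     echo restore-capable ;;
        *)                                   echo other ;;
    esac
}

# Exit 0 if HOME_DIR/.ssh/authorized_keys contains at least one key line.
# On the BackupPC server this should fail for ~backuppc.
accepts_inbound_keys() {
    f=$1/.ssh/authorized_keys
    [ -f "$f" ] && grep -Eqv '^[[:space:]]*(#|$)' "$f"
}

# Constructed samples: a login command in the style of BackupPC's
# RsyncClientCmd setting, and three candidate sudoers lines for a client.
echo "login user: $(login_user '$sshPath -q -x -l root $host $rsyncPath $argList+')"
for rule in 'backuppc ALL=NOPASSWD: ALL' \
            'backuppc ALL=NOPASSWD: /usr/bin/rsync' \
            'backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender *'; do
    echo "$(sudo_scope "$rule"): $rule"
done
```

A "sender-only" result still means the server account can read everything the rule exposes on the client, so the server itself has to be protected as the quoted text says.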

