I'd like to back up all my files on all the computers I have access to. I'd like to tunnel the transfers over SSH. I'd like to have automatic backups.
1: I let the clients connect regularly to my backup server. This would require that all the clients have passphraseless SSH private keys that let them log in to the server. If someone gets one of those keys, they can log in to the backup server and delete all my backups.
2: I let the backup server connect regularly to the clients. This would require only the backup server to have a passphraseless SSH private key. But the clients would have to authorize logins with that key. If someone gets my private key from the backup server, they can log in to all my other machines.
3: I don't do backups. I don't have passphraseless SSH keys. Not even having access to my private keys would allow someone to log in to any of my computers.
:(
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
look at rdiff-backup
the clients connect to the sshd of the host using a key... but the key is only allowed to do one thing... activate an rdiff-backup-server instance. Then it does an encrypted rsync of the data.
Good stuff. Open Source. Python I believe.
I'll second rdiff-backup, used it to back up my server and it worked fairly painlessly.
Why is this considered "philosophy and religion" btw?
Maybe the next layer on top of
http://farm1.static.flickr.com/36/96987427_d3a0582fdc_o.jpg ?
Chiken
Don't Let Your Walls Down
pretty sweet shirt, where can I pick one of those up?
> the clients connect to the sshd of the host using a key... but the key is only allowed to do one thing... activate an rdiff-backup-server instance. Then it does an encrypted rsync of the data.
Sounds good, but can I do this even when I haven't got root on the backup server?
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
I don't see why not.
> pretty sweet shirt, where can I pick one of those up?
They're from ISC, I think you can buy them from their website, not sure ... I got it for free at a talk about BIND 10 ;-)
> I don't see why not.
Don't I have to create a new account for making backups?
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
hrmm not sure... I don't think so... you just need two sets of keys I think
All the examples I've seen create a new user for backups.
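
Added example (not from the thread or from the rdiff-backup project): a check over a backup account's `~/.ssh/authorized_keys` for the restricted-key setup described above, flagging keys that have no forced `command=` or that still allow a pty or forwarding. The sample entries, key blobs and the `rdiff-backup --server` command string are constructed assumptions; the `restrict` option needs OpenSSH 7.2 or later.

```python
import re

# Constructed sample of a backup account's ~/.ssh/authorized_keys.
# Key blobs and comments are placeholders; the command string is an assumption
# based on the thread (the exact rdiff-backup invocation depends on its version).
SAMPLE = '''\
ssh-ed25519 AAAAC3PLACEHOLDERA backup@client-a
command="rdiff-backup --server",restrict ssh-ed25519 AAAAC3PLACEHOLDERB backup@client-b
command="rdiff-backup --server" ssh-rsa AAAAB3PLACEHOLDERC backup@client-c
'''

KEYTYPE = re.compile(r'(ssh-|ecdsa-|sk-)')
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?,?')
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def split_options(line):
    """Split a key line into ({option: value}, 'keytype blob comment')."""
    if KEYTYPE.match(line):              # line starts with the key type: no options
        return {}, line
    in_quotes, i = False, 0
    while i < len(line):                 # options end at the first unquoted blank
        c = line[i]
        if c == '\\' and in_quotes and line[i + 1:i + 2] == '"':
            i += 1                       # \" inside quotes is an escaped quote
        elif c == '"':
            in_quotes = not in_quotes
        elif c in ' \t' and not in_quotes:
            break
        i += 1
    opts = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(line[:i])}
    return opts, line[i:].strip()

def audit(text):
    """Return {key comment: [findings]}; an empty list means the key is locked down."""
    report = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith('#'):
            continue
        opts, rest = split_options(line)
        fields = rest.split(None, 2)
        label = fields[2] if len(fields) > 2 else rest
        findings = []
        if "command" not in opts:
            findings.append("no forced command: key holder gets a shell")
        if "restrict" not in opts and not LOCKDOWN.issubset(opts):
            findings.append("pty/forwarding not disabled")
        report[label] = findings
    return report

if __name__ == "__main__":
    for key, findings in audit(SAMPLE).items():
        print(key, "->", findings or "OK")
```
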