| 1 |
>> I'm setting up an automated rdiff-backup system and I'm stuck between |
| 2 |
>> pushing the backups to the backup server, and pulling the backups to |
| 3 |
>> the backup server. If I push, I have to allow read/write access of my |
| 4 |
>> backups via SSH keys. If I pull, I have to enable root logins on each |
| 5 |
>> system to be backed-up, allow root read access of each system via SSH |
| 6 |
>> keys, and I have to deal with openvpn or ssh -R so my laptop can back |
| 7 |
>> up from behind foreign routers. The conventional wisdom online seems |
| 8 |
>> to indicate pulling is better, but pushing seems like it might be |
| 9 |
>> better to me. Do you push or pull? |
| 10 |
> |
| 11 |
> I would push, to be honest. |
| 12 |
|
| 13 |
Me too. The rdiff-backup "UnattendedRdiff" wiki page only has |
| 14 |
instructions for pulling but that doesn't seem like the way to go: |
| 15 |
|
| 16 |
http://wiki.rdiff-backup.org/wiki/index.php/UnattendedRdiff |
| 17 |
|
| 18 |
> You can seperate the backups by giving each system a different account where |
| 19 |
> to store the backups. |
| 20 |
|
| 21 |
I'm not sure what you mean. The backups are all stored on the backup server. |
| 22 |
|
| 23 |
> This way you can also have better control over when to do the backup. If your |
| 24 |
> laptop hooks up via VPN just to quickly check email over an expensive or slow |
| 25 |
> link, you might not want the backup to start downloading all the pictures you |
| 26 |
> took during the holiday or that 300-page manuscript you wrote for your book. |
| 27 |
> |
| 28 |
> -- |
| 29 |
> Joost |
| 30 |
|
| 31 |
Here's what I'm doing. root on 3 machines pushes to non-root on a 4th |
| 32 |
machine via rdiff-backup and SSH keys. The SSH keys are restricted |
| 33 |
like so (although there is no from= for the laptop's key since it |
| 34 |
could be behind any IP): |
| 35 |
|
| 36 |
command="rdiff-backup |
| 37 |
--server",from="12.34.56.78",no-port-forwarding,no-X11-forwarding,no-pty |
| 38 |
ssh-rsa ... root@machine1 |
| 39 |
|
| 40 |
Is this a good arrangement? I think the worst-case scenario |
| 41 |
(compromised SSH keys) is read/write access of the non-root user on |
| 42 |
the backup server via rdiff-backup. |
| 43 |
|
| 44 |
Additionally, the backups on the 4th machine are pushed to another |
| 45 |
machine by root to non-root via rsync and SSH keys. Is there a way to |
| 46 |
restrict SSH keys to the rsync command? |
| 47 |
|
| 48 |
Should the non-root backup user have any special configuration? |
| 49 |
|
| 50 |
Can I reserve 0% for root on my USB hard drive which is only used for |
| 51 |
backups and does not contain an OS? |
| 52 |
|
| 53 |
- Grant |
Archives