09-26-2010, 08:07 PM
walt

Finalizing my backup system

On 09/26/2010 12:13 PM, Grant wrote:



> 2. backupninja can email reports. This works on my remote server
> which runs postfix, but my laptop and desktop don't run an MTA. Is
> there a simple one that would be well-suited to a purpose like this,
> or do I need full-blown postfix on my laptop and desktop? Whatever I
> choose, I'd also like to use it to send PORTAGE_ELOG messages from
> those systems.


I use ssmtp for that purpose and there are at least two more similar
packages in the mail-mta category, but I haven't tried them.
 
09-26-2010, 09:58 PM
Michael Orlitzky

Finalizing my backup system

On 09/26/2010 03:13 PM, Grant wrote:
> I'm using backupninja to backup data from my laptop, desktop, and
> remote server onto a remote desktop system. backupninja is very
> simple and is really just an interface to a few other programs
> including rdiff-backup. I'm not worried about a good restore method
> for now, I want to focus on keeping it simple and protecting my data.
> This is the first time I've set up a real backup system and I'd love
> to get some advice from you guys. I've got a few questions.
>
> 1. This is the first time I've used passwordless SSH keys. root on
> each system being backed up logs into the remote desktop as a normal
> user to store the backups. Is this pretty safe? I suppose if root is
> compromised on any of the three systems being backed up (via physical
> access or otherwise), the remote desktop will also be compromised as a
> normal user. Maybe that normal user should be extraordinarily
> unprivileged?

You can limit SSH access to only certain commands. On the remote desktop
machine, you probably had to add an entry to the SSH authorized_keys
file. You can prefix that line with the command that the user is allowed
to run. For example (I use rdiff-backup too):

command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding ssh-rsa <big_ugly_key>

My uneducated guess is that this is safe unless there's a bug in
rdiff-backup or ssh.


> 2. backupninja can email reports. This works on my remote server
> which runs postfix, but my laptop and desktop don't run an MTA. Is
> there a simple one that would be well-suited to a purpose like this,
> or do I need full-blown postfix on my laptop and desktop? Whatever I
> choose, I'd also like to use it to send PORTAGE_ELOG messages from
> those systems.

Both ssmtp and nbsmtp work great for getting mail off your machine and
to a real MTA. Just configure them with your account details (gmail or
whatever). Create a new account if you don't want to put your real details
in a text file on every machine.


> 3. On each system I back up /etc, /home/user/backup,
> /var/lib/portage/world, and /usr/src/linux/.config along with anything
> special from that system. Would anyone recommend I back up anything
> else? Some of the hidden directories in /home/user might come in
> handy, but I think I can rebuild those without too much trouble.

Some programs stick stuff in /var/lib. The two most important that I
know of are MySQL and PostgreSQL. I also back up all of /home and /root.


> 4. I have 600GB of music and photos that I'd like to back up somehow,
> but that is too much data to send to my remote desktop over my 20KB/s
> upload. How would you handle this? I was thinking maybe two external
> USB drives that I switch back and forth between being connected to the
> desktop system and being stored in a fireproof/waterproof container
> and hidden somewhere in my apartment to hopefully protect against
> fire, flood, and theft.

How often do you add new photos/music? You could make an initial trip
with a big hard drive and copy everything that way. Then, the subsequent
syncs would require a lot less traffic.


> 5. Do I have enough redundancy with backups only being stored on one system?

Depends on how important your stuff is. Ideally, you should rotate the
physical media on your remote server and keep some copies off-site. That
adds cost obviously; only you know whether or not it's worth it.


> 6. Any ideas for backing up the remote desktop which is the system
> where all the backups are stored? I can't back it up to my desktop or
> laptop because I'm behind some kind of a shared IP address. I also
> don't want to back it up to the remote server because that would
> require SSH keys on the remote server and if the remote desktop is
> compromised I don't want the remote server compromised along with it.

If you really want to do it right, my recommendation would be to set up
a separate machine with a swappable 2TB drive -- and buy a spare. Back
up every other machine to it, and rotate the drive once a week or so.
Keep the out-of-rotation drive at your house, office, or other safe
place so a tyrannosaurus attack can't destroy all of the backups at once.

If you locate the new machine close to your desktop/laptop, you can
easily back up the photos and music to it too.
 
10-06-2010, 05:40 PM
Grant

Finalizing my backup system

>> I'm using backupninja to backup data from my laptop, desktop, and
>> remote server onto a remote desktop system. backupninja is very
>> simple and is really just an interface to a few other programs
>> including rdiff-backup. I'm not worried about a good restore method
>> for now, I want to focus on keeping it simple and protecting my data.
>> This is the first time I've set up a real backup system and I'd love
>> to get some advice from you guys. I've got a few questions.
>>
>> 1. This is the first time I've used passwordless SSH keys. root on
>> each system being backed up logs into the remote desktop as a normal
>> user to store the backups. Is this pretty safe? I suppose if root is
>> compromised on any of the three systems being backed up (via physical
>> access or otherwise), the remote desktop will also be compromised as a
>> normal user. Maybe that normal user should be extraordinarily
>> unprivileged?
>
> You can limit SSH access to only certain commands. On the remote desktop
> machine, you probably had to add an entry to the SSH authorized_keys
> file. You can prefix that line with the command that the user is allowed
> to run. For example (I use rdiff-backup too):
>
> command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding ssh-rsa <big_ugly_key>

I tried both that and simplified versions of it but it seems to
prevent the login from working. It hangs on the following command,
which works if I don't add the above:

ssh -o PasswordAuthentication=no 1.2.3.4 -l user 'echo -n 1'

Should it be working? I noticed I have ssh-dss instead of your ssh-rsa.

- Grant
 
10-06-2010, 07:46 PM
Michael Orlitzky

Finalizing my backup system

On 10/06/2010 01:40 PM, Grant wrote:
>>> I'm using backupninja to backup data from my laptop, desktop, and
>>> remote server onto a remote desktop system. backupninja is very
>>> simple and is really just an interface to a few other programs
>>> including rdiff-backup. I'm not worried about a good restore method
>>> for now, I want to focus on keeping it simple and protecting my data.
>>> This is the first time I've set up a real backup system and I'd love
>>> to get some advice from you guys. I've got a few questions.
>>>
>>> 1. This is the first time I've used passwordless SSH keys. root on
>>> each system being backed up logs into the remote desktop as a normal
>>> user to store the backups. Is this pretty safe? I suppose if root is
>>> compromised on any of the three systems being backed up (via physical
>>> access or otherwise), the remote desktop will also be compromised as a
>>> normal user. Maybe that normal user should be extraordinarily
>>> unprivileged?
>>
>> You can limit SSH access to only certain commands. On the remote desktop
>> machine, you probably had to add an entry to the SSH authorized_keys
>> file. You can prefix that line with the command that the user is allowed
>> to run. For example (I use rdiff-backup too):
>>
>> command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding ssh-rsa <big_ugly_key>
>
> I tried both that and simplified versions of it but it seems to
> prevent the login from working. It hangs on the following command,
> which works if I don't add the above:
>
> ssh -o PasswordAuthentication=no 1.2.3.4 -l user 'echo -n 1'

That's the point? You can't log in (run /bin/bash) or do anything except
the command listed in the authorized_keys file.


> Should it be working? I noticed I have ssh-dss instead of your ssh-rsa.

That's just the key type, doesn't matter.
 
10-06-2010, 09:43 PM
Grant

Finalizing my backup system

>>>> I'm using backupninja to backup data from my laptop, desktop, and
>>>> remote server onto a remote desktop system. backupninja is very
>>>> simple and is really just an interface to a few other programs
>>>> including rdiff-backup. I'm not worried about a good restore method
>>>> for now, I want to focus on keeping it simple and protecting my data.
>>>> This is the first time I've set up a real backup system and I'd love
>>>> to get some advice from you guys. I've got a few questions.
>>>>
>>>> 1. This is the first time I've used passwordless SSH keys. root on
>>>> each system being backed up logs into the remote desktop as a normal
>>>> user to store the backups. Is this pretty safe? I suppose if root is
>>>> compromised on any of the three systems being backed up (via physical
>>>> access or otherwise), the remote desktop will also be compromised as a
>>>> normal user. Maybe that normal user should be extraordinarily
>>>> unprivileged?
>>>
>>> You can limit SSH access to only certain commands. On the remote desktop
>>> machine, you probably had to add an entry to the SSH authorized_keys
>>> file. You can prefix that line with the command that the user is allowed
>>> to run. For example (I use rdiff-backup too):
>>>
>>> command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding ssh-rsa <big_ugly_key>
>>
>> I tried both that and simplified versions of it but it seems to
>> prevent the login from working. It hangs on the following command,
>> which works if I don't add the above:
>>
>> ssh -o PasswordAuthentication=no 1.2.3.4 -l user 'echo -n 1'
>
> That's the point? You can't log in (run /bin/bash) or do anything except
> the command listed in the authorized_keys file.

I see what you're saying but don't I need to use the ssh command in
order to use the rdiff-backup command?

- Grant
 
10-07-2010, 01:45 AM
Michael Orlitzky

Finalizing my backup system

On 10/06/2010 05:43 PM, Grant wrote:
>
> I see what you're saying but don't I need to use the ssh command in
> order to use the rdiff-backup command?
>
> - Grant
>

You shouldn't have to, rdiff-backup does it on its own. When you execute
e.g.,

rdiff-backup /home username@backup.example.com::home

rdiff-backup will connect via SSH and launch that command specified in
the authorized keys file.

For that to work, you'll need password-less SSH to be the default when
connecting to the backup server. Here's what I have in my ~/.ssh/config
to force public key auth to backup.example.com:

Host backup.example.com
    Hostname backup.example.com
    IdentityFile ~/.ssh/backup_rsa
    IdentitiesOnly yes
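
The authorized_keys restriction discussed in this thread can be checked mechanically on the machine that stores the backups. The following is an added example, not code from any poster: a Python audit that parses the option field of each authorized_keys entry and reports keys with no command= or without the no-* options. The sample entries and key blobs are constructed, and checking for no-agent-forwarding and no-X11-forwarding (beyond the two options shown in the thread) is this example's own baseline.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # how a key-type field begins
NO_OPTS = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def parse_entry(line):
    """Return (options dict, key type) for one entry; None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_PREFIXES):            # entry has no option field
        return {}, line.split()[0]
    fields, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and line[i:i + 2] == '\\"':    # escaped quote inside a value
            cur, i = cur + '"', i + 1
        elif c == '"':
            quoted = not quoted
        elif c == "," and not quoted:            # separator between options
            fields, cur = fields + [cur], ""
        elif c.isspace() and not quoted:         # option field ends here
            break
        else:
            cur += c
        i += 1
    opts = {k.lower(): v or True
            for k, _, v in (f.partition("=") for f in fields + [cur])}
    return opts, (line[i:].split() or ["?"])[0]

def audit(text):
    """Return [(line number, key type, forced command or None, [problems])]."""
    report = []
    for n, line in enumerate(text.splitlines(), 1):
        if (entry := parse_entry(line)) is not None:
            opts, keytype = entry
            problems = [] if "command" in opts else ["no forced command"]
            missing = sorted(NO_OPTS - opts.keys())
            if missing and "restrict" not in opts:   # restrict implies the no-* set
                problems.append("missing " + ",".join(missing))
            report.append((n, keytype, opts.get("command"), problems))
    return report

# Constructed sample entries; the key blobs are placeholders, not real keys.
SAMPLE = """\
command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding ssh-rsa AAAAplaceholder1 root@laptop
ssh-dss AAAAplaceholder2 root@desktop
restrict,command="/usr/bin/rdiff-backup --server" ssh-ed25519 AAAAplaceholder3 root@server
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An entry with an empty problem list is limited to its forced command; the restrict keyword requires OpenSSH 7.2 or later.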
 
