Re: [Duplicity-talk] How to run duplicity with a Cron Job

[Mitchell Perilstein]

Jonathan W. Smith wrote:
> 4. Are you able to simply "ssh remote_machine -l root" doing the same thing
> your cron job will do?
>
> That one threw me. I will have to read the man for ssh to try to understand
> better that suggestion. I do know that I lack and always will lack root
> privileges on the machine to where I am asking duplicity to place an
> encrypted, compressed backup.

Here's what I do to duplicity from a variety of source machine "SOURCE1", SOURCE2, etc. as 
root to one backup machine BACKUP with no root usage on BACKUP.

1. make a plain user account on the backup machine called SOURCE1.

2. as root on source1, ssh-keygen -t dsa

3. copy source1 root's id_dsa.pub to source1's authorized_keys file on the 
backup machine.

4. as root on source1, you should be able to do this:

    ssh -l source1 your.backup.machine

which means go there as that user.  Notice I didn't mention passwords.  If you give a 
password in step 2, you'll need to mess with the agent as you've discovered, on every 
source host.  If you don't give a password, there will be no agent required to have 
password-less SSH to backup host.  This means someone could get user access on your backup 
machine by stealing root's .ssh directory on any of your source machines, but not root 
access immediately.

In either case, you might want to have the source users run in some kind of chroot jail on 
the backup machine.  They only neeed to run a few programs.

5. Once you can shell to the backup machine with no password, duplicity is ready to run 
from cron.   Your cron script can do something like this:

    #!/bin/sh
    myname=`hostname`
    server=your.backup.machine
    duplicity ... source specs ...  scp://address@hidden//home/${myname}/backups


hope this helps someone,
--
Mitchell Perilstein
Partner
ACE Technology Group, LLC
http://www.acetechgroup.com
(866) 229-1543 x11

mitch.vcf
Description: Vcard