[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] How to run duplicity with a Cron Job
From: |
Mitchell Perilstein |
Subject: |
Re: [Duplicity-talk] How to run duplicity with a Cron Job |
Date: |
Thu, 01 Sep 2005 11:32:48 -0400 |
User-agent: |
Mozilla Thunderbird 1.0.2 (X11/20050404) |
Jonathan W. Smith wrote:
4. Are you able to simply "ssh remote_machine -l root" doing the same thing
your cron job will do?
That one threw me. I will have to read the man for ssh to try to understand
better that suggestion. I do know that I lack and always will lack root
privileges on the machine to where I am asking duplicity to place an
encrypted, compressed backup.
Here's what I do to duplicity from a variety of source machine "SOURCE1", SOURCE2, etc. as
root to one backup machine BACKUP with no root usage on BACKUP.
1. make a plain user account on the backup machine called SOURCE1.
2. as root on source1, ssh-keygen -t dsa
3. copy source1 root's id_dsa.pub to source1's authorized_keys file on the
backup machine.
4. as root on source1, you should be able to do this:
ssh -l source1 your.backup.machine
which means go there as that user. Notice I didn't mention passwords. If you give a
password in step 2, you'll need to mess with the agent as you've discovered, on every
source host. If you don't give a password, there will be no agent required to have
password-less SSH to backup host. This means someone could get user access on your backup
machine by stealing root's .ssh directory on any of your source machines, but not root
access immediately.
In either case, you might want to have the source users run in some kind of chroot jail on
the backup machine. They only neeed to run a few programs.
5. Once you can shell to the backup machine with no password, duplicity is ready to run
from cron. Your cron script can do something like this:
#!/bin/sh
myname=`hostname`
server=your.backup.machine
duplicity ... source specs ... scp://address@hidden//home/${myname}/backups
hope this helps someone,
--
Mitchell Perilstein
Partner
ACE Technology Group, LLC
http://www.acetechgroup.com
(866) 229-1543 x11
mitch.vcf
Description: Vcard