Re: [Duplicity-talk] How to run duplicity with a Cron Job

[jonathan . w . smith]

Thanks again for the consideration of a reply

Whether I access the backup machine by means of 'ssh -l source1 
your.backup.machine' or 'ssh address@hidden', I am prompted for my account 
password on the backup machine, which, if I enter the correct password, I then 
have access to the backup machine.

The password prompt is a different prompt than the one that I get when I use a 
remote backup script to ask duplicity to create a backup. That prompt is "Enter 
passphrase for key '/root/.ssh/id_rsa':"

I hope that is clear. I do get confused. 

I was confused in your example when you gave the user the name of source1 on 
the backup server. This was the same name as the example of a name for a server 
that was the source of files to be backed up. 

Just to show you how stupid a user I can be!
 -------------- Original message ----------------------
From: Mitchell Perilstein <address@hidden>
> 
> 
> Jonathan W. Smith wrote:
> > 4. Are you able to simply "ssh remote_machine -l root" doing the same thing
> > your cron job will do?
> > 
> > That one threw me. I will have to read the man for ssh to try to understand
> > better that suggestion. I do know that I lack and always will lack root
> > privileges on the machine to where I am asking duplicity to place an
> > encrypted, compressed backup.
> 
> Here's what I do to duplicity from a variety of source machine "SOURCE1", 
> SOURCE2, etc. as 
> root to one backup machine BACKUP with no root usage on BACKUP.
> 
> 1. make a plain user account on the backup machine called SOURCE1.
> 
> 2. as root on source1, ssh-keygen -t dsa
> 
> 3. copy source1 root's id_dsa.pub to source1's authorized_keys file on the 
> backup machine.
> 
> 4. as root on source1, you should be able to do this:
> 
>      ssh -l source1 your.backup.machine
> 
> which means go there as that user.  Notice I didn't mention passwords.  If 
> you 
> give a 
> password in step 2, you'll need to mess with the agent as you've discovered, 
> on 
> every 
> source host.  If you don't give a password, there will be no agent required 
> to 
> have 
> password-less SSH to backup host.  This means someone could get user access 
> on 
> your backup 
> machine by stealing root's .ssh directory on any of your source machines, but 
> not root 
> access immediately.
> 
> In either case, you might want to have the source users run in some kind of 
> chroot jail on 
> the backup machine.  They only neeed to run a few programs.
> 
> 5. Once you can shell to the backup machine with no password, duplicity is 
> ready 
> to run 
> from cron.   Your cron script can do something like this:
> 
>      #!/bin/sh
>      myname=`hostname`
>      server=your.backup.machine
>      duplicity ... source specs ...  
> scp://address@hidden//home/${myname}/backups
> 
> 
> hope this helps someone,
> -- 
> Mitchell Perilstein
> Partner
> ACE Technology Group, LLC
> http://www.acetechgroup.com
> (866) 229-1543 x11
>

--- Begin Message --- Subject: Re: [Duplicity-talk] How to run duplicity with a Cron Job Date: Thu, 1 Sep 2005 15:34:12 +0000

mitch.vcf
Description: Vcard

--- End Message ---