Date: Sat, 19 Dec 2009 16:48:53 +0000 From: cl@isbd.net To: main@lists.alug.org.uk Subject: [ALUG] How best to run a 'pull' backup using passwordless login?
This requires (unless someone else has some bright ideas) that the remote system has a passwordless login to enable it to do the backup (or I put the password in the script, which comes to the same thing).
Can anyone see any serious flaws in the above and/or easier ways of doing it that are still reasonably secure?
Chris
I would run a script on the remote machine to be backed up to create a "zip" file containing the files you require, via a cron job.
I would setup the ssh keys to allow "no password" login to the account from your machine.
I would use a cron job on the "data collector" to scp the file from remote machine. This obviously has to be done once the remote machine has finished the backup.
TIP 1: use the date command on the first machine to create a unique filename (like backup`date '+%Y%m%d%H'`.gz) TIP 2: use the cron job to remove all previous backups ( ie rm /tmp/mybackup/* )to control disk space TIP 3: use email to comfirm the job has been done at both ends, including a "ls" of the data area ( ie ls /tmp/mybackup/ ** see below sig for a snip from my Solaris backup script)
This is the least painful way IMHO, but can have secondary security on the remote firewall for IP access to that machine.
HTH Keith
# FINISHED THE BACKUP if [ -f $errorfile ]; then echo "\nError:\n\n`cat $errorfile`" >> $tempfile rm $errorfile else echo "\nFinished backup" >> $tempfile fi
# E-MAIL RESULTS OF BACKUP /usr/lib/sendmail $mailto < $tempfile
_________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. http://clk.atdmt.com/GBL/go/171222986/direct/01/