> Date: Sat, 19 Dec 2009 16:48:53 +0000
> From: cl@isbd.net
> To: main@lists.alug.org.uk
> Subject: [ALUG] How best to run a 'pull' backup using passwordless login?
>
> This requires (unless someone else has some bright ideas) that the
> remote system has a passwordless login to enable it to do the backup
> (or I put the password in the script, which comes to the same thing).
>
> Can anyone see any serious flaws in the above and/or easier ways of
> doing it that are still reasonably secure?

Chris

I would run a script on the remote machine to be backed up to create a "zip" file containing the files you require, via a cron job.

I would setup the ssh keys to allow "no password" login to the account from your machine.

I would use a cron job on the "data collector" to scp the file from remote machine. This obviously has to be done once the remote machine has finished the backup.

TIP 1: use the date command on the first machine to create a unique filename (like backup`date '+%Y%m%d%H'`.gz)
TIP 2: use the cron job to remove all previous backups ( ie rm /tmp/mybackup/* )to control disk space
TIP 3: use email to comfirm the job has been done at both ends, including a "ls" of the data area ( ie ls /tmp/mybackup/ ** see below sig for a snip from my Solaris backup script)

This is the least painful way IMHO, but can have secondary security on the remote firewall for IP access to that machine.

HTH
Keith


# FINISHED THE BACKUP
if [ -f $errorfile ]; then
    echo "\nError:\n\n`cat $errorfile`" >> $tempfile
    rm $errorfile
else
    echo "\nFinished backup" >> $tempfile
fi

# E-MAIL RESULTS OF BACKUP
/usr/lib/sendmail $mailto < $tempfile

---

Hotmail: Powerful Free email with security by Microsoft. Get it now.