As part of my sort out and tidy up of security, backups, etc. I've decided that it would be better to run my off site backups as 'pull' backups driven from the remote systems. This way an intruder into my home system won't see any evidence of these backups happening and hence won't be tempted to do anything to them.
This requires (unless someone else has some bright ideas) that the remote system has a passwordless login to enable it to do the backup (or I put the password in the script, which comes to the same thing).
For this to be (reasonably) secure it needs to be set up so that the *only* thing you can do with that login is a backup. So, finally to my question, what's the tidiest/easiest way of doing this?
I can see two possible ways:-
A dedicated login with the program to be executed when you login set to do the backup.
A 'ForceCommand' in ssh that executes the backup when certain criteria are met.
I think I prefer the second as it makes handling permissions etc. easier. E.g. I want to backup files belonging to user xxxx, if I can login as user xxxx then I don't need to worry about the files all being readable by the backup. This requires careful setting up of the sshd_config file though so that remote logins to user xxxx run the backup but one can still login to user xxxx locally.
Can anyone see any serious flaws in the above and/or easier ways of doing it that are still reasonably secure?
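One way to set up the second option, as an added example that is not part of the original post: a forced-command wrapper that only lets the backup key start rsync's read-only sender on one directory. The install path /usr/local/bin/backup-gate, the address 203.0.113.10, the backup root /home/xxxx/ and a puller that runs plain `rsync -a` are all assumptions.

```shell
#!/bin/sh
# Added example: forced-command gate for a backup-only SSH key.
# Hypothetical install path: /usr/local/bin/backup-gate
#
# Per-key restriction in ~xxxx/.ssh/authorized_keys (address and key are
# placeholders); other logins to the account are unaffected:
#   command="/usr/local/bin/backup-gate",from="203.0.113.10",restrict ssh-ed25519 AAAA... backup-pull
# Or per-user in sshd_config, applied to ssh logins from that host only:
#   Match User xxxx Address 203.0.113.10
#       ForceCommand /usr/local/bin/backup-gate

LC_ALL=C; export LC_ALL
BACKUP_ROOT="/home/xxxx/"    # assumption: the only tree the puller may read

# Print "allow" or "deny:<reason>" for the command string the client sent.
check_command() {
    case $1 in
        '')                     echo "deny:no-command"; return 0 ;;
        *[!A-Za-z0-9\ ./_=,-]*) echo "deny:bad-char";   return 0 ;;
        *..*)                   echo "deny:traversal";  return 0 ;;
    esac
    case $1 in
        # More than one argument between --sender and the paths: refuse.
        "rsync --server --sender -"*" "*" . $BACKUP_ROOT") echo "deny:extra-args" ;;
        # Exactly one bundled flag argument, reading from BACKUP_ROOT only.
        "rsync --server --sender -"*" . $BACKUP_ROOT")     echo "allow" ;;
        *)                                                 echo "deny:not-backup" ;;
    esac
}

# Runs only when sshd passes a requested command. An interactive login with
# this key falls through to the end of the script and the session closes.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    verdict=$(check_command "$SSH_ORIGINAL_COMMAND")
    logger -t backup-gate "$verdict from ${SSH_CONNECTION%% *}"
    [ "$verdict" = "allow" ] || exit 1
    set -f                        # no globbing when the string is split
    exec $SSH_ORIGINAL_COMMAND    # split on spaces only; never eval
fi
```

The per-key `command=` form fits the requirement that user xxxx can still log in normally, since only the backup key is gated. The `rrsync` script shipped with rsync is a maintained alternative to a hand-written gate.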
Hi all
I have a problem that has me puzzled.
I recently downloaded the latest version of UBUNTU, I installed said disk and rebooted then nothing. All I got was a small flashing cursor in the top left hand corner. After a reboot I got a text only boot select screen. On selecting recovery mode, I got a list of what was happening, at least I think it was. It got as far as finding my CDROM drive and stopped for what seemed like days, then back to the small flashing cursor.
Any ideas and suggestions would be great.
Alistair
System Type: X86-based PC
Processor: x86 Family 6 Model 14 Stepping 12 GenuineIntel ~1866 Mhz
Total Physical Memory: 1,024.00 MB
Name: Optiarc DVD RW AD-7530A
Alistair MAcgregor wrote:
Hi all
I have a problem that has me puzzled.
I recently downloaded the latest version of UBUNTU, I installed said disk and rebooted then nothing. All I got was a small flashing cursor in the top left hand corner. After a reboot I got a text only boot select screen. On selecting recovery mode, I got a list of what was happening, at least I think it was. It got as far as finding my CDROM drive and stopped for what seemed like days, then back to the small flashing cursor.
The first thing to do is check the md5sum of the ISO you downloaded against the one on the mirror site. There are Windows tools to do this (doesn't apply if you got the ISO from a torrent).
Or it could be an issue with your CD reader and/or media, even if these things appear to work normally otherwise. The error recovery and handling during the boot phase is not as tolerant.
This being the case you could download the Windows version of unetbootin and build the installer from your existing ISO on a memory stick rather than a CD (assuming your hardware can boot from a USB drive and you have a spare 1GB stick kicking about).
Date: Sat, 19 Dec 2009 16:48:53 +0000
From: cl@isbd.net
To: main@lists.alug.org.uk
Subject: [ALUG] How best to run a 'pull' backup using passwordless login?
This requires (unless someone else has some bright ideas) that the remote system has a passwordless login to enable it to do the backup (or I put the password in the script, which comes to the same thing).
Can anyone see any serious flaws in the above and/or easier ways of doing it that are still reasonably secure?
Chris
I would run a script on the remote machine to be backed up to create a "zip" file containing the files you require, via a cron job.
I would set up the ssh keys to allow "no password" login to the account from your machine.
I would use a cron job on the "data collector" to scp the file from remote machine. This obviously has to be done once the remote machine has finished the backup.
TIP 1: use the date command on the first machine to create a unique filename (like backup`date '+%Y%m%d%H'`.gz)
TIP 2: use the cron job to remove all previous backups (ie rm /tmp/mybackup/*) to control disk space
TIP 3: use email to confirm the job has been done at both ends, including a "ls" of the data area (ie ls /tmp/mybackup/ ** see below sig for a snip from my Solaris backup script)
This is the least painful way IMHO, but can have secondary security on the remote firewall for IP access to that machine.
HTH Keith
# FINISHED THE BACKUP
if [ -f $errorfile ]; then
    echo "\nError:\n\n`cat $errorfile`" >> $tempfile
    rm $errorfile
else
    echo "\nFinished backup" >> $tempfile
fi

# E-MAIL RESULTS OF BACKUP
/usr/lib/sendmail $mailto < $tempfile