You can also use the sshd option: PermitRootLogin without-password
This will only allow root logins with a key pair. See man sshd_config(5) for more info.

Regards,
Sebastiaan

Jose Torres wrote:
I have ssh password access on, but removed the root password. So I can login but root requires the key. But anyway I would like to do the "...connect as a different user and add a sudo layer to run the backup." (I could create a key for backuppc, remove the password and make it sudoer on the remote server.) How would I do the sudo layer?

-----Original Message-----
From: Les Mikesell [mailto:[email protected]]
Sent: Thursday, December 03, 2009 3:55 PM
To: General list for user discussion, questions and support
Subject: Re: [BackupPC-users] Problems to backup linux network computer

Jose Torres wrote:

This is the default backuppc tar command:

$sshPath -q -x -n -l root $host env LC_ALL=C $tarPath -c -v -f - -C $shareName+ --totals

I had this:

usr/bin/sudo $tarPath -c -v -f - -C $shareName --totals

This should have been in the per-pc config for the server host. Or (better) done in the web 'edit config' for the server host only.

I was missing that the $shareName parameter needed to be changed to an NFS mount from the network computer to be backed up (serverv2v2) corresponding to the remote '/' mount on the backuppc server (server2). This way the changed tar command would have backed up the correct data instead of the local '/'. The mount had to be made with the root credentials so as to have read-all access, and mapped to the backuppc user to inherit the read-all access on the backup server. The mount could be done as a permanent mount or can be made in DumpPreShareCmd/DumpPostShareCmd so as to make and remove the mount during backup.

Another way to solve it is to make the tar command back at default (more/less):

$sshPath -q -x -n -l root $host env LC_ALL=C $tarPath -c -v -f - -C $shareName --totals

I did this and it worked fine now. The thing will be that we need to use ssh with root user which can become a security breach.

You should probably consider using rsync over ssh for the remote machine(s) because it has several advantages over tar.
As for security, there are some things you can do to limit ssh access. If the machine is internet-exposed you should make sure that password based access is disabled - and you can restrict the commands that can be executed or even connect as a different user and add a sudo layer to run the backup. But mostly you have to be very careful about access to the private key on the backuppc server so no one can copy it. If password access is off, someone must have the private side of the key to connect.
_______________________________________________ BackupPC-users mailing list [email protected] List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
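
One way to combine the two restrictions mentioned in the thread (limiting the commands a key may run, and connecting as a non-root user with a sudo layer), as an added example that is not part of the original messages or of BackupPC itself. The wrapper path, the tar and sudo paths, the share list, and the assumption that BackupPC appends either `.` or `--newer=<date> .` after `--totals` are all assumptions to adjust for the actual host.

```shell
#!/bin/sh
# Added example (not from the thread). Forced-command wrapper for a dedicated
# "backuppc" login on the client; all paths and share names are assumptions.
#
# ~backuppc/.ssh/authorized_keys (one line, key elided):
#   command="/usr/local/bin/backuppc-tar-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...
# /etc/sudoers (edit with visudo):
#   backuppc ALL=(root) NOPASSWD: /bin/tar
# Per-host tar command on the BackupPC server, i.e. the default with the login
# changed and sudo placed in front of tar:
#   $sshPath -q -x -n -l backuppc $host env LC_ALL=C /usr/bin/sudo $tarPath -c -v -f - -C $shareName+ --totals

ALLOWED_SHARES="/ /home"    # shares this client agrees to hand over
PREFIX="env LC_ALL=C /usr/bin/sudo /bin/tar -c -v -f - -C "

# parse_request REQUEST: on success sets SHARE and NEWER (empty for a full
# backup) and returns 0; returns 1 for anything that is not the expected shape.
# Assumption: the request ends in "--totals ." or "--totals --newer=<date> .".
parse_request() {
    SHARE= NEWER=
    case $1 in
        "$PREFIX"*) rest=${1#"$PREFIX"} ;;
        *) return 1 ;;
    esac
    share=${rest%% *}        # first word after -C
    tail=${rest#"$share"}    # everything after the share name
    found=no
    for s in $ALLOWED_SHARES; do
        if [ "$s" = "$share" ]; then found=yes; fi
    done
    if [ "$found" != yes ]; then return 1; fi
    case $tail in
        " --totals .") ;;
        " --totals --newer="[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'\ '[0-9][0-9]:[0-9][0-9]:[0-9][0-9]" .")
            NEWER=${tail#" --totals --newer="}
            NEWER=${NEWER%" ."}
            NEWER=$(printf '%s' "$NEWER" | tr -d '\\') ;;
        *) return 1 ;;
    esac
    SHARE=$share
}

# With a forced command, sshd passes the client's request in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    parse_request "$SSH_ORIGINAL_COMMAND" || { echo "request refused" >&2; exit 1; }
    exec env LC_ALL=C /usr/bin/sudo /bin/tar -c -v -f - -C "$SHARE" --totals \
        ${NEWER:+"--newer=$NEWER"} .
fi
```

The wrapper never executes the requested string; it rebuilds the tar command from the two validated values. The sudoers rule by itself still lets anything running as backuppc invoke tar as root, so the confinement comes from the forced command on the key and from keeping that account password-less and key-only.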
