Le jeudi 30 juillet 2009 00:16:54, Bernd Haug a écrit : > On Wed, Jul 29, 2009 at 11:18 PM, Xavier Brochard<[email protected]> wrote: > > I was wondering what is the best solution (regarding security, network > > load and dirvish run): > > - a push backup but mounting the backup disk with sshfs, dirvish on the > > client - a pull backup, dirvish on the backup server, using dyndns.com or > > no-ip.com - something else ? > > Do the following, using SSH Transport: > > Create an entry like this in the backup server's root's .ssh/config: > > host dynamic-host > hostname localhost > port 12321 > identityfile path-to-id > > create a sudoers entry like this on the server: > backupinitiator backup-host=(root) NOPASSWD: dirvish --vault > vault-for-dynamic-host > > Then (in addition to normal dirvish configuration) you just have to > > (1) get a key for login as backupinitiator on the backup server onto > the dynamic client > > (2) set the dynamic-host of the .ssh/config file above as the target > host of the dirvish vault on the server > > (3) run a command like this on the client: > ssh -R 12321:localhost:12321 backupinitia...@server 'sudo dirvish > --vault vault-for-dynamic-host'
sudo will not ask for a password - isn't that a bit dangerous? backupinitiator cando whatever he wants... > That way you get client-triggered backups, and still use all the > benefits of rsync with a remote peer. Read up on the format of SSH > authorized_keys files for additional security (i.e., command > limiting). One question, to be sure: in the host directive of ssh config you don't write literaly "dynamic-host" ? Thankyou fo the help. Xavier [email protected] _______________________________________________ Dirvish mailing list [email protected] http://www.dirvish.org/mailman/listinfo/dirvish
