Re: [BackupPC-users] specifying differerent user in RsyncClientCmd
On 1/17/2011 12:18 AM, itismike wrote: I'm running an Ubuntu client with ecryptFS enabled. Since my home directory is encrypted, I'd like to perform the backup as myself rather than root so the files are browsable by me and restore is possible. Here is another thread (http://ubuntuforums.org/showpost.php?p=10082444postcount=4) that explains the reason for this setup. So my intent is to put my username in the RsyncClientCmd and RsyncClientRestoreCmd commands like this: $sshPath -q -x -l michael $host $rsyncPath $argList+ The problem is I haven't been able to get past the message below: 2011-01-16 14:03:16 full backup started for directory / 2011-01-16 14:03:17 Got fatal error during xfer (Unable to read 4 bytes) 2011-01-16 14:03:22 Backup aborted (Unable to read 4 bytes) Google tells me this points to an inability to ssh to the box, but I set up ssh-keygen and can establish passwordless ssh connections between the server and client (and vice-versa.) Am I going about this whole solution backwards, or if not, how can I diagnose this a little better? Are you testing as the backuppc user? Make sure you can establish a passwordless connection from the backuppc user on the server to your client. -- Bowie -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
[BackupPC-users] specifying differerent user in RsyncClientCmd
Hi Bowie, Yes, I had BackupPC functioning before I modified the username used to connect. But the data in the home folder that was backed up was all encrypted so I couldn't browse it to recover individual files. +-- |This was sent by itism...@gmail.com via Backup Central. |Forward SPAM to ab...@backupcentral.com. +-- -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
Re: [BackupPC-users] specifying differerent user in RsyncClientCmd
Hi, On 1/17/2011 12:18 AM, itismike wrote: I'm running an Ubuntu client with ecryptFS enabled. Since my home directory is encrypted, I'd like to perform the backup as myself rather than root so the files are browsable by me and restore is possible. while I don't really know what the entails, I would like to point out one thing: the user backuppc on the BackupPC server machine has (and needs) non-interactive and passwordless access to your files. There is no way around that if you want non-interactive backups. So, while you might be protected against root on the *client machine* (not sure about that, but I suppose you know what you're doing), you are *not* protected against root on the *BackupPC server* (unless there is some mechanism preventing him to su - backuppc) or anyone else that can gain access to the backuppc account there or access the private ssh key you use for the connection (or the BackupPC pool files, obviously). That might be fine in your case, but I think it is worth mentioning. So my intent is to put my username in the RsyncClientCmd and RsyncClientRestoreCmd commands like this: $sshPath -q -x -l michael $host $rsyncPath $argList+ The problem is I haven't been able to get past the message below: 2011-01-16 14:03:16 full backup started for directory / 2011-01-16 14:03:17 Got fatal error during xfer (Unable to read 4 bytes) 2011-01-16 14:03:22 Backup aborted (Unable to read 4 bytes) [...] I set up ssh-keygen and can establish passwordless ssh connections between the server and client (and vice-versa.) Vice-versa is not needed. Actually, if we're talking about the same thing, it is not a good idea. Bowie Bailey wrote on 2011-01-17 10:56:31 -0500 [Re: [BackupPC-users] specifying differerent user in RsyncClientCmd]: Are you testing as the backuppc user? Make sure you can establish a passwordless connection from the backuppc user on the server to your client. In particular, there must be no extraneous output. Make sure you can backuppc@backuppc-server% ssh -q -x -l michael ubuntu-client /bin/true backuppc@backuppc-server% and get exactly *no output* from that. Furthermore, make sure rsync is actually installed (I've been surprised that it wasn't more than once ...), e.g. backuppc@backuppc-server% ssh -q -x -l michael ubuntu-client /usr/bin/rsync --foo rsync: --foo: unknown option rsync error: syntax or usage error (code 1) at main.c(1443) [client=3.0.7] (that should give an rsync usage error similar to the above, not a shell error message command not found). Other things to note: - You might want or need to use an alternate ssh identity, e.g. backuppc@backuppc-server% ssh -i /var/lib/backuppc/.ssh/id_michael_rsa -q -x -l michael ubuntu-client ... If you do, your RsyncClientCmd/RsyncClientRestoreCmd needs to reflect that, or you need to set it up in ~backuppc/.ssh/config . This is probably only the case if you are backing up several different hosts. - You do *not* need (and should not have) passwordless access to the BackupPC server from the client, i.e. michael@ubuntu-client% ssh -l backuppc backuppc-server ... should prompt you for a password (or deny access). There is no point in setting up passwordless logins in that direction, and doing so would mean that anyone capable of becoming michael@ubuntu-client had full access to your BackupPC pool (possibly containing backups of other hosts). Hope that helps. Regards, Holger -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
[BackupPC-users] specifying differerent user in RsyncClientCmd
Thanks for the ideas Holger. I'll try out several of them and let you know what I find. +-- |This was sent by itism...@gmail.com via Backup Central. |Forward SPAM to ab...@backupcentral.com. +-- -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
[BackupPC-users] specifying differerent user in RsyncClientCmd
I'm running an Ubuntu client with ecryptFS enabled. Since my home directory is encrypted, I'd like to perform the backup as myself rather than root so the files are browsable by me and restore is possible. Here is another thread (http://ubuntuforums.org/showpost.php?p=10082444postcount=4) that explains the reason for this setup. So my intent is to put my username in the RsyncClientCmd and RsyncClientRestoreCmd commands like this: $sshPath -q -x -l michael $host $rsyncPath $argList+ The problem is I haven't been able to get past the message below: 2011-01-16 14:03:16 full backup started for directory / 2011-01-16 14:03:17 Got fatal error during xfer (Unable to read 4 bytes) 2011-01-16 14:03:22 Backup aborted (Unable to read 4 bytes) Google tells me this points to an inability to ssh to the box, but I set up ssh-keygen and can establish passwordless ssh connections between the server and client (and vice-versa.) Am I going about this whole solution backwards, or if not, how can I diagnose this a little better? +-- |This was sent by itism...@gmail.com via Backup Central. |Forward SPAM to ab...@backupcentral.com. +-- -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List:https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki:http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/