fbsd backup 2 remote

2003-02-22 Thread Dick Hoogendijk
I want to make a *full* backup of my fbsd-4.7 to a (remote) HD on my
local network.

Should I share the (remote) directory through NFS or an alternate way.
And most important: what program do I use. The remote is an ext3 linux
drive.

Can anyone point me in the right (syntax) direction?
Should I use tar? Or what?
In future I want to be able to do a full restore to a new (and much
larger) harddrive ;-))

-- 
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.7 ++ Debian GNU/Linux (Woody)

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message


Re: fbsd backup 2 remote

2003-02-22 Thread Matthew Seaman
On Sat, Feb 22, 2003 at 03:54:04PM +0100, Dick Hoogendijk wrote:
> I want to make a *full* backup of my fbsd-4.7 to a (remote) HD on my
> local network.
> 
> Should I share the (remote) directory through NFS or an alternate way.
> And most important: what program do I use. The remote is an ext3 linux
> drive.
> 
> Can anyone point me in the right (syntax) direction?
> Should I use tar? Or what?
> In future I want to be able to do a full restore to a new (and much
> larger) harddrive ;-))

There's two parts to this:  

What program should you use to generate images of your file
system?

How do you save the data onto your remote machine?

The first question is easy enough to answer.  Any sort of backup
software will do what you want, so long as it can write its output to
stdout.  dump(8) will give you the most faithful recreation of your
filesystem on the new drive, but tar(1) will work fine if your
filesystem just contains regular files, directories and links.  Use
whichever suits you best.  If you use dump(8) (and probably if you use
tar(1)), you'll have to back up each partition on the disk in turn,
rather than trying to do the whole disk in one shot.

The trick is in the answer to the second question.  Use ssh to let you
write the backup to the remote system.  Just run your backup command
of choice and direct the output to stdout, which you then pipe into ssh(1):

# dump -0f - /usr | ssh linuxbox "cat > /foo/fbsd-usr.dump"

or

# cd /home ; tar -jcvlf - . | ssh linuxbox "cat > /foo/fbsd-home.tar.bz2"


Doing the restore is much the same thing in reverse:

# cd /usr ; ssh linuxbox "cat /foo/fbsd-usr.dump" | restore -rf -

or

# cd /home ; ssh linuxbox "cat /foo/fbsd-home.tar.bz2" | tar -jxpvf - 


Nb.  You might think from reading the appropriate man pages that you
could dump directly to a remote file or write a tar file onto a remote
machine by using a construction like:

# dump -0f linuxbox:/foo/root-fbsd.dump /

or 

# tar -jcvf linuxbox:/foo/root-fbsd.tar.bz2 /

This is certainly possible, but it requires use of the rmt(8) program
via rexec(3) or rcmd(3) -- or in other words, rsh(1).  That's best
avoided unless you're very sure you can deal with the security
implications.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
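
An added example, not part of Matthew's message or the thread: a POSIX sh wrapper around the `... | ssh linuxbox "cat > file"` pipeline above that hashes the stream while it is sent and compares it with a hash of the file as stored on the remote host. The function name, the `SSH` and `HASH` variables, and the presence of `sha256sum` on both hosts are assumptions.

```shell
#!/bin/sh
# Added example: send an archive over ssh and verify the stored copy.
SSH="${SSH:-ssh}"            # transport command (assumption: overridable)
HASH="${HASH:-sha256sum}"    # assumption: the same hash tool exists on both hosts

# send_verified HOST REMOTE_PATH   (the archive is read from stdin)
# REMOTE_PATH must not contain a single quote; it is quoted for the remote shell.
send_verified() {
    host="$1"; dest="$2"
    work=$(mktemp -d) || return 1
    mkfifo "$work/fifo" || { rm -rf "$work"; return 1; }
    # Hash the stream locally while it is being sent.
    $HASH < "$work/fifo" > "$work/local" &
    hasher=$!
    if ! tee "$work/fifo" | $SSH "$host" "cat > '$dest'"; then
        wait "$hasher"; rm -rf "$work"
        echo "send_verified: transfer to $host failed" >&2
        return 1
    fi
    wait "$hasher"
    # Hash what actually landed on the remote disk.
    $SSH "$host" "$HASH < '$dest'" > "$work/remote" || { rm -rf "$work"; return 1; }
    if cmp -s "$work/local" "$work/remote"; then
        rm -rf "$work"; return 0
    fi
    rm -rf "$work"
    echo "send_verified: checksum mismatch for $host:$dest" >&2
    return 1
}
```

With the commands from the message this is used as `dump -0f - /usr | send_verified linuxbox /foo/fbsd-usr.dump`; the exit status reflects the transfer and the comparison, not the exit status of dump(8) itself.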



Re: fbsd backup 2 remote

2003-02-22 Thread dick hoogendijk
On 22 Feb Matthew Seaman wrote:
> # dump -0f - /usr | ssh linuxbox "cat > /foo/fbsd-usr.dump"
> or
> # cd /home ; tar -jcvlf - . | ssh linuxbox "cat > /foo/fbsd-home.tar.bz2"
> 
> Doing the restore is much the same thing in reverse:
> 
> # cd /usr ; ssh linuxbox "cat /foo/fbsd-usr.dump" | restore -rf -
> or
> # cd /home ; ssh linuxbox "cat /foo/fbsd-home.tar.bz2" | tar -jxpvf -

Many thanks for your answer. It covers all ;-))

-- 
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.7 ++ Debian GNU/Linux (Woody)



Re: fbsd backup 2 remote

2003-02-22 Thread dick hoogendijk
On 22 Feb Matthew Seaman wrote:
> # dump -0f - /usr | ssh linuxbox "cat > /foo/fbsd-usr.dump"

It seemed easy enough, but it wasn't. "ssh linuxbox" won't work because
I need a password. Guess I have to alter things to have an automatic ssh
session. Don't exactly know how :-((

-- 
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.7 ++ Debian GNU/Linux (Woody)



Re: fbsd backup 2 remote

2003-02-22 Thread Matthew Seaman
On Sat, Feb 22, 2003 at 10:03:43PM +0100, dick hoogendijk wrote:
> On 22 Feb Matthew Seaman wrote:
> > # dump -0f - /usr | ssh linuxbox "cat > /foo/fbsd-usr.dump"
> 
> It seemed easy enough, but it wasn't. "ssh linuxbox" won't work because
> I need a password. Guess I have to alter things to have an automatic ssh
> session. Don't exactly know how :-((

Hmmm... Usually you can just type in the password and everything
proceeds as planned. However, knowing how to use key based auth with
ssh is handy so here's a potted summary.

Generate an ssh key in the usual way:

# ssh-keygen -b 1024 -t rsa 

which will prompt you for a passphrase.  Enter one.  The command will
create two files:

id_rsa (the private key) and 

id_rsa.pub (the public key)

Move 'id_rsa' into /root/.ssh and make sure it has the right ownership
and fairly restrictive access permissions:

# mv id_rsa /root/.ssh/
# chmod 0600 /root/.ssh/id_rsa
# chown root:wheel /root/.ssh/id_rsa

Now copy the public key over to the linux box and add it to root's[*]
authorised keys file:

# scp id_rsa.pub linuxbox:/root/.ssh/
# slogin linuxbox
bash# cd /root/.ssh
bash# cat id_rsa.pub >> authorized_keys

Log out of the linux box.  Start up the ssh-agent and load the key into it:

# eval `ssh-agent`
# ssh-add /root/.ssh/id_rsa

You'll be prompted for the passphrase.  Enter it.

Now test that you can access the linux box using the key based
authorization:

# ssh -v linuxbox

---  you should see something like this in the output 

debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /root/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x87654321 hint -1
debug1: ssh-userauth2 successful: method publickey

You might need to take a few goes at this, and try connecting from
the linux box to the FreeBSD machine so that each host gets the
other's host key into the /root/.ssh/known_hosts files.

Eventually you should end up logged in without having to give the
password again.  You should now be able to do your backups.

When you're done, remember to shut down the ssh-agent:

# eval `ssh-agent -k`

Cheers,

Matthew

[*] Actually, it's probably better to use some other UID than root on
the linux box.  

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK



Re: fbsd backup 2 remote

2003-02-23 Thread dick hoogendijk
On 22 Feb Matthew Seaman wrote:
> Generate an ssh key in the usual way:
> 
> # ssh-keygen -b 1024 -t rsa 
> 
> which will prompt you for a passphrase. Enter one. The command will
> create two files:
> 
> id_rsa (the private key) and 
> 
> id_rsa.pub (the public key)
> 
> Move 'id_rsa' in /root/.ssh and make sure it has the right ownership

[cut the rest of the info]

It works great! Very simple if you know how to act ;)

I understand that I have to copy my public key to all machines I want to
have a remote login-to. So far so good..
But what do I do ON another machine (in my intranet)? Do I use *another*
private key there or can I just use the one I have on my "main" machine?

Thanks for all your help. Keeping copies of them :-))

-- 
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.7 ++ Debian GNU/Linux (Woody)



Re: fbsd backup 2 remote

2003-02-23 Thread Matthew Seaman
On Sun, Feb 23, 2003 at 11:00:34AM +0100, dick hoogendijk wrote:
> On 22 Feb Matthew Seaman wrote:
> > Generate an ssh key in the usual way:
> > 
> > # ssh-keygen -b 1024 -t rsa 
> > 
> > which will prompt you for a passphrase. Enter one. The command will
> > create two files:
> > 
> > id_rsa (the private key) and 
> > 
> > id_rsa.pub (the public key)
> > 
> > Move 'id_rsa' in /root/.ssh and make sure it has the right ownership
> 
> [cut the rest of the info]
> 
> It works great! Very simple if you know how to act ;)
> 
> I understand that I have to copy my public key to all machines I want to
> have a remote login-to. So far so good..
> But what do I do ON another machine (in my intranet)? Do I use *another*
> private key there or can I just use the one I have on my "main" machine?
> 
> Thanks for all your help. Keeping copies of them :-))

For a root-owned key pair like I described, you should probably use a
distinct key pair on each of your machines.  Remember this root owned
ssh key pair is practically identical to the root password in terms of
what it will allow you to do to a machine.  Keep it secure.  Don't create
one unless you actually need to use it.

For general use by your own UID however, yes, copying the private key
around the place can be useful.  You may not need to do that though --
if you keep your account's private key on the machine on your desktop
and use ssh exclusively for remote access you only need to run one
copy of the ssh-agent there, and you can arrange for "agent
forwarding" by ssh so that even if you hop from machine to machine
several layers deep, everything eventually refers back to the
ssh-agent on your desktop for authorization.  See the paragraph about
"ForwardAgent" in the ssh_config(5) man page.

Of course, for this scheme to work effectively, you've got to
distribute the public key to all of the machines you might be
interested in logging into and add it to the appropriate
authorized_keys file on those machines.  Remember, the authorized_keys
file can belong to a completely different account on the remote
machine, and there can be as many keys as you like in the
authorized_keys file.  That's actually quite a good way of providing
shared access to a login account without having to share a single
password between everyone.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
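
An added example, not from the thread: since a root-owned key is as powerful as the root password, and the earlier footnote suggests a non-root account on the linux box, the backup key can be pinned to a single job with a forced command in authorized_keys. The script name `backup-recv`, the `backup` account and the accepted file suffixes are assumptions; `/foo` is the directory used in the thread.

```shell
#!/bin/sh
# Forced-command receiver for a backup-only ssh key (added example).
# authorized_keys entry for a dedicated non-root account on the backup host
# (one line; the key material shown is a placeholder):
#   command="/usr/local/bin/backup-recv",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> root@fbsd
# Client side:  dump -0f - /usr | ssh backup@linuxbox fbsd-usr.dump

BACKUP_DIR="${BACKUP_DIR:-/foo}"    # destination directory from the thread

# valid_name NAME: succeed only for a plain file name with an expected suffix.
valid_name() {
    case "$1" in
        ""|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;  # empty, dotfile, path, odd chars
        *.dump|*.tar.bz2) return 0 ;;
        *) return 1 ;;
    esac
}

# receive_backup NAME: store stdin as $BACKUP_DIR/NAME.
receive_backup() {
    name="$1"
    if ! valid_name "$name"; then
        echo "backup-recv: rejected request: $name" >&2
        return 1
    fi
    umask 077                                  # archives hold every file's contents
    tmp="$BACKUP_DIR/.$name.partial.$$"
    # Write under a temporary name so an empty or failed write never
    # replaces an existing backup.
    if cat > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$BACKUP_DIR/$name"
    else
        rm -f "$tmp"
        echo "backup-recv: empty or failed transfer for $name" >&2
        return 1
    fi
}

# sshd exports the command the client asked for; it is treated as a file name,
# never executed.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    receive_backup "$SSH_ORIGINAL_COMMAND"
fi
```

A key restricted this way can only deposit archives in one directory, so its theft no longer amounts to a login on the backup host.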



Re: fbsd backup 2 remote

2003-02-23 Thread dick hoogendijk
On 22 Feb Matthew Seaman wrote:
> Start up the ssh-agent and load the key into it:
> # eval `ssh-agent`
> # ssh-add /user/.ssh/id_rsa
> When you're done, remember to shut down the ssh-agent:
> # eval `ssh-agent -k`

Is this kind of a safety measure? Isn't it simpler to activate ssh-agent
on login so I can auto use ssh connections. Why is it better to always
go through this ruleset? If not, where do I activate it on login? In my
(login) .profile or my (shell)rc i.e. .tcsh

Secondly: does a user really need a passphrase? Root? Sure! But a normal
user?

-- 
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.7 ++ Debian GNU/Linux (Woody)



Re: fbsd backup 2 remote

2003-02-23 Thread Matthew Seaman
On Sun, Feb 23, 2003 at 06:27:55PM +0100, dick hoogendijk wrote:
> On 22 Feb Matthew Seaman wrote:
> > Start up the ssh-agent and load the key into it:
> > # eval `ssh-agent`
> > # ssh-add /user/.ssh/id_rsa
> > When you're done, remember to shut down the ssh-agent:
> > # eval `ssh-agent -k`
> 
> Is this kind of a safety measure? Isn't it simpler to activate ssh-agent
> on login so I can auto use ssh connections. Why is it better to always
> go through this ruleset? If not, where do I activate it on login? In my
> (login) .profile or my (shell)rc i.e. .tcsh

Just tidying up.  ssh-agent tends not to get killed when you log out.

Yes, it's typical to start up ssh-agent and ssh-add your key to it
when you log in (and then close down ssh-agent on logout) so that it's
always available while you're logged in.  You can do that through your
startup scripts (.login and .logout for tcsh, .bash_login and
.bash_logout for bash etc.)

Personally, I run it out of my .xsession like so:

#!/bin/sh

# PATH is set via login.conf ...

##PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:${HOME}/bin" ; export PATH
FTP_PASSIVE_MODE=YES ; export FTP_PASSIVE_MODE

eval `ssh-agent -s`

/usr/X11R6/bin/xconsole -daemon -notify -verbose -fn fixed \
-exitOnFail -geometry 480x130-0-0 -iconic &
[ -f ${HOME}/.Xdefaults ] && /usr/X11R6/bin/xrdb -merge ${HOME}/.Xdefaults

/usr/X11R6/bin/xscreensaver -no-splash &
/usr/X11R6/bin/wmaker

eval `ssh-agent -k`
#
# That's All Folks!
#

and then as part of the wmaker startup, I have this in
GNUstep/Library/WindowMaker/autostart:

xterm -geometry 80x24-91+0 -e ssh-add ${HOME}/.ssh/id_rsa &

 
> Secondly: does a user really need a passphrase? Root? Sure! But a normal
> user?

I would strongly advise you to always use a passphrase with your
ssh(1) keys.  Otherwise, anyone that can steal your private key can
use it exactly as if they were you. The ssh FAQ says it better than I
can:

http://www.snailbook.com/faq/no-passphrase.auto.html

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK



Re: fbsd backup 2 remote

2003-02-23 Thread dick hoogendijk
On 23 Feb Matthew Seaman wrote:
> ssh-agent tends not to get killed when you log out.
> You can do that through your startup scripts (.login and .logout for
> tcsh, .bash_login and .bash_logout for bash etc.)

Right. This works.. I use "sh" as my shell, so I put the startup in
.profile, but where do I put the closing "eval ssh-agent -k"
Need I create .sh_logout?

-- 
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.7 ++ Debian GNU/Linux (Woody)
