On the server where I store the backup files I created a user "backup".
Then as the user backup on that machine I did "ssh-keygen". The program asks for the key name. I use the default name (key gets stored in ~/.ssh/id_dsa; public key in ~/.ssh/id_dsa.pub). On the question for a password, just type <return>. Then you don't have to use a password on the system to be backed-up. Be sure the home directory of the user backup is not group- and world-writable, otherwise key-authentication doesn't work. Also be sure the "~/.ssh"-directory has mode 700.
Further I copied the file ~/.ssh/id_dsa to ~/.ssh/authorized_keys. This way the backup user accepts login authentication with the private key made in the previous step.
Then I copied the file ~/.ssh/id_dsa to the system to be backed-up and renamed it there to /root/.ssh/backup.
To check if everything works, log in on the system to be backed-up as root.
Then type: ssh -i /root/.ssh/backup backup@<backupserver>.
Now you should get a $-prompt on the backup server without being asked for a password.
If this works you're up and running. To back up your system or directory, log in on the machine to be backed-up as root or make an entry to the root crontab or etc..........
Type:
tar cvf - <backup_directory> | ssh -i /root/.ssh/backup backup@<backup_server> "dd of=<path_to_backup_dir>/<backupfile>.tar"
and the process starts.
A real life example would be:
cd /home
tar cvf - . | ssh -i /root/.ssh/backup backup@backup.server.com "dd of=homedir.tar"
I haven't thought of any real security flaws in this process. Well another user having the private key could delete your backup file. But this can be prevented by moving it to a more secure place after the backup is finished.
Because you use ssh it is even safe to do the backup over the insecure internet.
Hope this is of help,
Koos.
At 08:57 20-02-2003 -0800, you wrote:
Toni Erdmann writes....
>
> ssh can be configured to run without passwords, just with secret keys
> and trusted host/users. But I haven't done this yet.

Same here. I still use the password, but want to set mine up to use the keys (PGP I assume?), and such. If anyone knows a good "How-To" on that, or wants to start a new thread with instructions, inquiring minds want to know. (I'm totally lost on the whole PGP concept.)

--
Jay Crews
jpc@jaycrews.com

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
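The message above notes that anyone holding the passwordless private key could delete the backup file. One way to narrow what that key can do on the backup server is an sshd forced command; the script below is an added example, not part of the original message. The install path /usr/local/bin/backup-gate and the BACKUP_DIR location are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message: a forced-command gate for the
# passwordless backup key. On the backup server, prefix the key's line in
# ~backup/.ssh/authorized_keys with (all on one line):
#   command="/usr/local/bin/backup-gate",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss <public-key-data>
# Assumptions: the install path /usr/local/bin/backup-gate and BACKUP_DIR.

BACKUP_DIR="${BACKUP_DIR:-/home/backup/incoming}"

# Print the destination path if the requested command is exactly
# "dd of=<name>.tar" with a plain file name; return 1 for anything else.
backup_target() {
    case "$1" in
        "dd of="*) name=${1#dd of=} ;;
        *) return 1 ;;
    esac
    case "$name" in
        ""|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;  # no paths, dotfiles, shell syntax
        *.tar) ;;
        *) return 1 ;;
    esac
    # Refuse to overwrite a backup that is already there.
    [ -e "$BACKUP_DIR/$name" ] && return 1
    printf '%s\n' "$BACKUP_DIR/$name"
}

# sshd places the command the client asked for in SSH_ORIGINAL_COMMAND and
# runs this script instead of it. The tar stream arrives on stdin.
gate_main() {
    dest=$(backup_target "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "backup-gate: request refused" >&2
        return 1
    }
    set -C          # noclobber: closes the race between the check and the write
    cat > "$dest"
}

# Run only when started by sshd for this key, not when sourced for testing.
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
    gate_main
fi
```

The client side stays as in the message: the `dd of=homedir.tar` string is still sent, but the server only uses it to pick a file name and never executes it.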