From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1QvDQZ-0007ea-B1 for garchives@archives.gentoo.org; Sun, 21 Aug 2011 19:11:24 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2DC4221C111; Sun, 21 Aug 2011 19:11:09 +0000 (UTC) Received: from smtpq2.gn.mail.iss.as9143.net (smtpq2.gn.mail.iss.as9143.net [212.54.34.165]) by pigeon.gentoo.org (Postfix) with ESMTP id 5CF4121C08F for ; Sun, 21 Aug 2011 19:10:09 +0000 (UTC) Received: from [212.54.34.134] (helo=smtp3.gn.mail.iss.as9143.net) by smtpq2.gn.mail.iss.as9143.net with esmtp (Exim 4.71) (envelope-from ) id 1QvDPM-0006P5-Qr for gentoo-user@lists.gentoo.org; Sun, 21 Aug 2011 21:10:08 +0200 Received: from 5ed027a1.cm-7-1a.dynamic.ziggo.nl ([94.208.39.161] helo=data.antarean.org) by smtp3.gn.mail.iss.as9143.net with esmtp (Exim 4.71) (envelope-from ) id 1QvDPL-0007sF-Gd for gentoo-user@lists.gentoo.org; Sun, 21 Aug 2011 21:10:07 +0200 Received: from localhost (localhost [127.0.0.1]) by data.antarean.org (Postfix) with ESMTP id 04510C08 for ; Sun, 21 Aug 2011 21:14:04 +0200 (CEST) X-Virus-Scanned: amavisd-new at antarean.org Received: from data.antarean.org ([127.0.0.1]) by localhost (data.antarean.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PbBCow6JhUmA for ; Sun, 21 Aug 2011 21:14:03 +0200 (CEST) Received: from eve.localnet (eve.lan.antarean.org [10.20.13.50]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by data.antarean.org (Postfix) with ESMTPS id 49A1670E for ; Sun, 21 Aug 2011 21:14:03 +0200 (CEST) From: Joost Roeleveld To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] {OT} rdiff-backup: push or pull? Date: Sun, 21 Aug 2011 21:10:05 +0200 Message-ID: <1501728.2ZHPtJWtlY@eve> User-Agent: KMail/4.7.0 (Linux/2.6.36-gentoo-r5; KDE/4.7.0; x86_64; ; ) In-Reply-To: References: <2884643.h5uTXF1KYh@eve> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-ZiggoSMTP-MailScanner-Information: Please contact the ISP for more information X-ZiggoSMTP-MailScanner-ID: 1QvDPL-0007sF-Gd X-ZiggoSMTP-MailScanner: Found to be clean X-ZiggoSMTP-MailScanner-SpamCheck: geen spam, SpamAssassin (niet cached, score=0.955, vereist 5, BAYES_40 -0.00, KHOP_DYNAMIC 1.02, RDNS_DYNAMIC 0.98, RP_MATCHES_RCVD -1.05) X-ZiggoSMTP-MailScanner-From: joost@antarean.org X-Spam-Status: No X-Archives-Salt: X-Archives-Hash: 65526a5be8b72f953d9aa8bdf668dc81 On Friday, August 19, 2011 10:35:10 AM Grant wrote: > >> >> I'm setting up an automated rdiff-backup system and I'm stuck > >> >> between > >> >> pushing the backups to the backup server, and pulling the > >> >> backups to > >> >> the backup server. If I push, I have to allow read/write access > >> >> of my backups via SSH keys. If I pull, I have to enable root > >> >> logins on each system to be backed-up, allow root read access > >> >> of each system via SSH keys, and I have to deal with openvpn or > >> >> ssh -R so my laptop can back up from behind foreign routers. > >> >> The conventional wisdom online seems to indicate pulling is > >> >> better, but pushing seems like it might be better to me. Do > >> >> you push or pull? > >> > > >> > I would push, to be honest. > >> > >> What can be done about the fact that any attacker who can break into a > >> system and wipe it out can also wipe out its backups? That negates > >> one of the reasons for making the backups in the first place. > > > > True, except if, after a backup is finished, you move the actual backup > > to a different location. (Or you backup the backup server) > > I do back up the backup server to another system via rsync, but if the > backups on the backup server are wiped out, rsync will wipe them out > on the other system too. Why not use a different backup tool that doesn't have this possible problem? Rsync will clear the target is the source is emptied as well. Not sure if this can be prevented. > > I store all important files on my server and the backups there can not > > be > > accessed from the fileserver itself. (That backup is done in "pull" mode > > every night.) > > I thought you were in favor of "pushing"? How do you back up to a > system that can't access the backups? I am, when it comes to backing up desktops. The server is actually a xen-host with multiple xen-domains running on it. I found it easier to have the host determine the backups. The sequence of steps is basically as follows: 1) host tells domain to stop service(s) 2) host tells domain to unmount filesystem 3) hosts disconnects filesystem from domain 4) host creates snapshot (LVM) 5) host reconnect filesystem to domain 6) host tells domain to remount filesystem 7) host tells domain to stop service(s) 8) host backs up snapshot 9) host deletes snapshot I couldn't do a push-system for the virtual machines as I didn't want to expose the host. > >> Should private SSH keys be excluded from the backup? Should anything > >> else be excluded? > > > > When a host is compromised, the corresponding entries in the > > "authorized_keys" should be removed from all other servers/hosts. This > > will make those private keys useless. > > So it's OK to back up a private key to another system? I just want to > make sure I'm not breaking a "good admin" rule by doing this. Yes, I don't see any problem with that. If the backup-server is compromised via a compromised other system, the keys on that system are compromised already anyway. I don't have private keys without passphrase apart from the one the host uses to send commands to the virtual machines. And the host can't be accessed by remote. -- Joost