[gentoo-user] Finalizing my backup system

[gentoo-user] Finalizing my backup system

[Grant]

I'm using backupninja to backup data from my laptop, desktop, and
remote server onto a remote desktop system.  backupninja is very
simple and is really just an interface to a few other programs
including rdiff-backup.  I'm not worried about a good restore method
for now, I want to focus on keeping it simple and protecting my data.
This is the first time I've set up a real backup system and I'd love
to get some advice from you guys.  I've got a few questions.

1. This is the first time I've used passwordless SSH keys.  root on
each system being backed up logs into the remote desktop as a normal
user to store the backups.  Is this pretty safe?  I suppose if root is
compromised on any of the three systems being backed up (via physical
access or otherwise), the remote desktop will also be compromised as a
normal user.  Maybe that normal user should be extraordinarily
unprivileged?

2. backupninja can email reports.  This works on my remote server
which runs postfix, but my laptop and desktop don't run an MTA.  Is
there a simple one that would be well-suited to a purpose like this,
or do I need full-blown postfix on my laptop and desktop?  Whatever I
choose, I'd also like to use it to send PORTAGE_ELOG messages from
those systems.

3. On each system I back up /etc, /home/user/backup,
/var/lib/portage/world, and /usr/src/linux/.config along with anything
special from that system.  Would anyone recommend I back up anything
else?  Some of the hidden directories in /home/user might come in
handy, but I think I can rebuild those without too much trouble.

4. I have 600GB of music and photos that I'd like to back up somehow,
but that is too much data to send to my remote desktop over my 20KB/s
upload.  How would you handle this?  I was thinking maybe two external
USB drives that I switch back and forth between being connected to the
desktop system and being stored in a fireproof/waterproof container
and hidden somewhere in my apartment to hopefully protect against
fire, flood, and theft.

5. Do I have enough redundancy with backups only being stored on one system?

6. Any ideas for backing up the remote desktop which is the system
where all the backups are stored?  I can't back it up to my desktop or
laptop because I'm behind some kind of a shared IP address.  I also
don't want to back it up to the remote server because that would
require SSH keys on the remote server and if the remote desktop is
compromised I don't want the remote server compromised along with it.

Thanks guys,
Grant

[gentoo-user] Re: Finalizing my backup system

[walt]

On 09/26/2010 12:13 PM, Grant wrote:

>
> 2. backupninja can email reports.  This works on my remote server
> which runs postfix, but my laptop and desktop don't run an MTA.  Is
> there a simple one that would be well-suited to a purpose like this,
> or do I need full-blown postfix on my laptop and desktop?  Whatever I
> choose, I'd also like to use it to send PORTAGE_ELOG messages from
> those systems.

I use ssmtp for that purpose and there are at least two more similar
packages in the mail-mta category, but I haven't tried them.

Re: [gentoo-user] Finalizing my backup system

[Michael Orlitzky]

On 09/26/2010 03:13 PM, Grant wrote:
> I'm using backupninja to backup data from my laptop, desktop, and
> remote server onto a remote desktop system.  backupninja is very
> simple and is really just an interface to a few other programs
> including rdiff-backup.  I'm not worried about a good restore method
> for now, I want to focus on keeping it simple and protecting my data.
> This is the first time I've set up a real backup system and I'd love
> to get some advice from you guys.  I've got a few questions.
> 
> 1. This is the first time I've used passwordless SSH keys.  root on
> each system being backed up logs into the remote desktop as a normal
> user to store the backups.  Is this pretty safe?  I suppose if root is
> compromised on any of the three systems being backed up (via physical
> access or otherwise), the remote desktop will also be compromised as a
> normal user.  Maybe that normal user should be extraordinarily
> unprivileged?

You can limit SSH access to only certain commands. On the remote desktop
machine, you probably had to add an entry to the SSH authorized_keys
file. You can prefix that line with the command that the user is allowed
to run. For example (I use rdiff-backup too):

  command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding
  ssh-rsa <big_ugly_key>

My uneducated guess is that this is safe unless there's a bug in
rdiff-backup or ssh.


> 2. backupninja can email reports.  This works on my remote server
> which runs postfix, but my laptop and desktop don't run an MTA.  Is
> there a simple one that would be well-suited to a purpose like this,
> or do I need full-blown postfix on my laptop and desktop?  Whatever I
> choose, I'd also like to use it to send PORTAGE_ELOG messages from
> those systems.

Both ssmtp and nbsmtp work great for getting mail off your machine and
to a real MTA. Just configure them with your account details (gmail or
whatever). Create new account if you don't want to put your real details
in a text file on every machine.


> 3. On each system I back up /etc, /home/user/backup,
> /var/lib/portage/world, and /usr/src/linux/.config along with anything
> special from that system.  Would anyone recommend I back up anything
> else?  Some of the hidden directories in /home/user might come in
> handy, but I think I can rebuild those without too much trouble.

Some programs stick stuff in /var/lib. The two most important that I
know of are MySQL and PostgreSQL. I also back up all of /home and /root.


> 4. I have 600GB of music and photos that I'd like to back up somehow,
> but that is too much data to send to my remote desktop over my 20KB/s
> upload.  How would you handle this?  I was thinking maybe two external
> USB drives that I switch back and forth between being connected to the
> desktop system and being stored in a fireproof/waterproof container
> and hidden somewhere in my apartment to hopefully protect against
> fire, flood, and theft.

How often do you add new photos/music? You could make an initial trip
with a big hard drive and copy everything that way. Then, the subsequent
syncs would require a lot less traffic.


> 5. Do I have enough redundancy with backups only being stored on one system?

Depends on how important your stuff is. Ideally, you should rotate the
physical media on your remote server and keep some copies off-site. That
adds cost obviously; only you know whether or not it's worth it.


> 6. Any ideas for backing up the remote desktop which is the system
> where all the backups are stored?  I can't back it up to my desktop or
> laptop because I'm behind some kind of a shared IP address.  I also
> don't want to back it up to the remote server because that would
> require SSH keys on the remote server and if the remote desktop is
> compromised I don't want the remote server compromised along with it.

If you really want to do it right, my recommendation would be to set up
a separate machine with a swappable 2TB drive -- and buy a spare. Back
up every other machine to it, and rotate the drive once a week or so.
Keep the out-of-rotation drive at your house, office, or other safe
place so a tyrannosaurus attack can't destroy all of the backups at once.

If you locate the new machine close to your desktop/laptop, you can
easily backup the photos and music to it too.

Re: [gentoo-user] Finalizing my backup system

[Grant]

>> I'm using backupninja to backup data from my laptop, desktop, and
>> remote server onto a remote desktop system.  backupninja is very
>> simple and is really just an interface to a few other programs
>> including rdiff-backup.  I'm not worried about a good restore method
>> for now, I want to focus on keeping it simple and protecting my data.
>> This is the first time I've set up a real backup system and I'd love
>> to get some advice from you guys.  I've got a few questions.
>>
>> 1. This is the first time I've used passwordless SSH keys.  root on
>> each system being backed up logs into the remote desktop as a normal
>> user to store the backups.  Is this pretty safe?  I suppose if root is
>> compromised on any of the three systems being backed up (via physical
>> access or otherwise), the remote desktop will also be compromised as a
>> normal user.  Maybe that normal user should be extraordinarily
>> unprivileged?
>
> You can limit SSH access to only certain commands. On the remote desktop
> machine, you probably had to add an entry to the SSH authorized_keys
> file. You can prefix that line with the command that the user is allowed
> to run. For example (I use rdiff-backup too):
>
>  command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding
>  ssh-rsa <big_ugly_key>

I tried both that and simplified versions of it but it seems to
prevent the login from working.  It hangs on the following command,
which works if I don't add the above:

ssh  -o PasswordAuthentication=no 1.2.3.4 -l user 'echo -n 1'

Should it be working?  I noticed I have ssh-dss instead of your ssh-rsa.

- Grant

Re: [gentoo-user] Finalizing my backup system

[Michael Orlitzky]

On 10/06/2010 01:40 PM, Grant wrote:
>>> I'm using backupninja to backup data from my laptop, desktop, and
>>> remote server onto a remote desktop system.  backupninja is very
>>> simple and is really just an interface to a few other programs
>>> including rdiff-backup.  I'm not worried about a good restore method
>>> for now, I want to focus on keeping it simple and protecting my data.
>>> This is the first time I've set up a real backup system and I'd love
>>> to get some advice from you guys.  I've got a few questions.
>>>
>>> 1. This is the first time I've used passwordless SSH keys.  root on
>>> each system being backed up logs into the remote desktop as a normal
>>> user to store the backups.  Is this pretty safe?  I suppose if root is
>>> compromised on any of the three systems being backed up (via physical
>>> access or otherwise), the remote desktop will also be compromised as a
>>> normal user.  Maybe that normal user should be extraordinarily
>>> unprivileged?
>>
>> You can limit SSH access to only certain commands. On the remote desktop
>> machine, you probably had to add an entry to the SSH authorized_keys
>> file. You can prefix that line with the command that the user is allowed
>> to run. For example (I use rdiff-backup too):
>>
>>  command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding
>>  ssh-rsa <big_ugly_key>
> 
> I tried both that and simplified versions of it but it seems to
> prevent the login from working.  It hangs on the following command,
> which works if I don't add the above:
> 
> ssh  -o PasswordAuthentication=no 1.2.3.4 -l user 'echo -n 1'

That's the point? You can't log in (run /bin/bash) or do anything except
the command listed in the authorized_keys file.


> Should it be working?  I noticed I have ssh-dss instead of your ssh-rsa.

That's just the key type, doesn't matter.

Re: [gentoo-user] Finalizing my backup system

[Grant]

>>>> I'm using backupninja to backup data from my laptop, desktop, and
>>>> remote server onto a remote desktop system.  backupninja is very
>>>> simple and is really just an interface to a few other programs
>>>> including rdiff-backup.  I'm not worried about a good restore method
>>>> for now, I want to focus on keeping it simple and protecting my data.
>>>> This is the first time I've set up a real backup system and I'd love
>>>> to get some advice from you guys.  I've got a few questions.
>>>>
>>>> 1. This is the first time I've used passwordless SSH keys.  root on
>>>> each system being backed up logs into the remote desktop as a normal
>>>> user to store the backups.  Is this pretty safe?  I suppose if root is
>>>> compromised on any of the three systems being backed up (via physical
>>>> access or otherwise), the remote desktop will also be compromised as a
>>>> normal user.  Maybe that normal user should be extraordinarily
>>>> unprivileged?
>>>
>>> You can limit SSH access to only certain commands. On the remote desktop
>>> machine, you probably had to add an entry to the SSH authorized_keys
>>> file. You can prefix that line with the command that the user is allowed
>>> to run. For example (I use rdiff-backup too):
>>>
>>>  command="/usr/bin/rdiff-backup --server",no-pty,no-port-forwarding
>>>  ssh-rsa <big_ugly_key>
>>
>> I tried both that and simplified versions of it but it seems to
>> prevent the login from working.  It hangs on the following command,
>> which works if I don't add the above:
>>
>> ssh  -o PasswordAuthentication=no 1.2.3.4 -l user 'echo -n 1'
>
> That's the point? You can't log in (run /bin/bash) or do anything except
> the command listed in the authorized_keys file.

I see what you're saying but don't I need to use the ssh command in
order to use the rdiff-backup command?

- Grant

Re: [gentoo-user] Finalizing my backup system

[Michael Orlitzky]

On 10/06/2010 05:43 PM, Grant wrote:
> 
> I see what you're saying but don't I need to use the ssh command in
> order to use the rdiff-backup command?
> 
> - Grant
> 

You shouldn't have to, rdiff-backup does it on its own. When you execute
e.g.,

  rdiff-backup /home username@backup.example.com::home

rdiff-backup will connect via SSH and launch that command specified in
the authorized keys file.

For that to work, you'll need password-less SSH to be the default when
connecting to the backup server. Here's what I have in my ~/.ssh/config
to force public key auth to backup.example.com:

  Host backup.example.com
     Hostname backup.example.com
     IdentityFile ~/.ssh/backup_rsa
     IdentitiesOnly yes