From: Michael Orlitzky
Date: Fri, 19 Aug 2011 15:06:14 -0400
To: gentoo-user@lists.gentoo.org
Message-ID: <4E4EB426.4090401@orlitzky.com>
Subject: Re: [gentoo-user] {OT} rdiff-backup: push or pull?

On 08/19/11 14:00, Grant wrote:
>> We're doing the same thing for our backups. Here's that chunk of our
>> documentation, if it's helpful.
>
> Thanks Michael. You've found that a shell account is required on the
> backup server in order to push backups to it?

Yes, you have to be able to run a command (rdiff-backup --server...) and
that requires a shell. I tried to do it without a shell, but couldn't
figure out how to do it sensibly. I do `chmod 700` all home directories.

> Is the purpose of the Host block in .ssh/config to store the hostname
> of the backup server so it doesn't need to be used directly in the
> rdiff-backup command?

It forces key-based authentication when connecting to the backup server.
The default is password-based, which obviously won't work in a cron job.

> Why create a password for the backup user? Doesn't that open up the
> possibility of someone logging in as that user, when otherwise the
> account would only be used for backing up files?

It might work without one; in these instructions the
machine-to-be-backed-up never connects to the backup server as root, and
so you need a way to SCP stuff to the backup server.

I usually use a `pwgen 16` password for these accounts and then
immediately forget it, so nobody will log in to them for a few billion
years at least. Does key-based authentication work with no password?
I've never tried.

I am emotionally troubled by the existence of local shell accounts, but
rationally, I know that no one can ever log in to them.
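
Added illustration, not part of the message above or of the documentation it refers to: a client-side Host block of the kind discussed, together with one way to limit what the shell account's key may run on the backup server. The host name, account name, key file and backup path are constructed placeholders, and the authorized_keys restriction is an assumption rather than something the thread describes.

```conf
# --- ~/.ssh/config on the machine being backed up (placeholder names) ---
Host backup.example.org
    User backup-client1
    # Dedicated key used only for backups
    IdentityFile ~/.ssh/id_rsa_backup
    IdentitiesOnly yes
    # Offer only public-key authentication; never fall back to a password
    PreferredAuthentications publickey
    PasswordAuthentication no
    # Fail instead of prompting when no terminal is attached (cron)
    BatchMode yes

# --- ~backup-client1/.ssh/authorized_keys on the backup server (one line) ---
# The forced command replaces whatever the client asks to run, so this key
# can only start rdiff-backup in server mode, confined to one directory and
# limited to incremental-backup writes. The key material is a placeholder.
command="rdiff-backup --server --restrict-update-only /backups/client1",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...PLACEHOLDER... backup-client1@client
```

With this in place the account still has a shell, as rdiff-backup --server requires, but a stolen backup key cannot be used to open an interactive session or to delete earlier increments.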