[rdiff-backup-users] Re: rdiff unattended backup questions.

[Troels Arvin]

On Wed, 17 Aug 2005 21:54:45 -0800, Noah wrote:
> but I want to do something a little different.  I want the machine that I am
> backing up to intiate the ssh connection to the server that is providing the
> backup space.  I still want the rdiff-backup exchange to be handled by ssh.

First, let's agree on terminology:

backup-host:     host storing the backup data
production-host: host where the data originated from

In your case, the production-host will ssh to the backup-host and push
data: production-host ---ssh---> backup-host.

I assume that on the production-host, you will be using the root account.
On the backup host, I don't know which login you will use; let's call that
account "BACKUPUSER".

Now, first you need to make sure that root at production-host can do the
following without having to enter a password:
ssh address@hidden

This normally entails:
1. address@hidden runs "ssh-keygen -t rsa" which yields some
   files in ~root/.ssh/
2. Transport the contents of ~root/.ssh/id_rsa.pub (one line)
   and add it to BACKUPUSER's .ssh/authorized_keys file on backup-host.
   Make sure that BACKUPUSER's .ssh directory and authorized_keys
   directory/file may only be written to by BACKUPUSER (otherwise
   ssh will refuse to use authorized_keys).
3. Now, address@hidden should be able to ssh backup-host
   as user BACKUPUSER.

After this has been set up, the rest should be easy:
a. learn how to use rdiff-backup
b. adjust BACKUPUSER's authorized_keys file, tightening
   up security, perhaps adjusting so that the relevant
   line looks somewhat like this (one long line):

from="11.22.33.44",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="rdiff-backup
--server" ssh-rsa AAAA....XXXX address@hidden

(Read ssh's manual pages for more on this.)

-- 
Greetings from Troels Arvin