[Dirvish] push or pull for client with dynamic ip

Xavier Brochard xavier at alternatif.org
Fri Jul 31 08:41:18 UTC 2009


Le jeudi 30 juillet 2009 00:16:54, Bernd Haug a écrit :
> On Wed, Jul 29, 2009 at 11:18 PM, Xavier Brochard<xavier at alternatif.org> 
wrote:
> > I was wondering what is the best solution (regarding security, network
> > load and dirvish run):
> > - a push backup but mounting the backup disk with sshfs, dirvish on the
> > client - a pull backup, dirvish on the backup server, using dyndns.com or
> > no-ip.com - something else ?
>
> Do the following, using SSH Transport:
>
> Create an entry like this in the backup server's root's .ssh/config:
>
> host dynamic-host
>   hostname localhost
>   port 12321
>   identityfile path-to-id
>
> create a sudoers entry like this on the server:
> backupinitiator      backup-host=(root) NOPASSWD: dirvish --vault
> vault-for-dynamic-host
>
> Then (in addition to normal dirvish configuration) you just have to
>
> (1) get a key for login as backupinitiator on the backup server onto
> the dynamic client
>
> (2) set the dynamic-host of the .ssh/config file above as the target
> host of the dirvish vault on the server
>
> (3) run a command like this on the client:
> ssh  -R 12321:localhost:12321 backupinitiator at server 'sudo dirvish
> --vault vault-for-dynamic-host'

sudo will not ask for a password - isn't that a bit dangerous? backupinitiator 
cando whatever he wants...

> That way you get client-triggered backups, and still use all the
> benefits of rsync with a remote peer. Read up on the format of SSH
> authorized_keys files for additional security (i.e., command
> limiting).

One question, to be sure: in the host directive of ssh config you don't write 
literaly "dynamic-host" ?

Thankyou fo the help.

Xavier
xavier at alternatif.org


More information about the Dirvish mailing list