From owner-freebsd-questions@FreeBSD.ORG Tue Nov 22 22:39:00 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0521A16A41F for ; Tue, 22 Nov 2005 22:39:00 +0000 (GMT) (envelope-from moose@freebsdfreaks.net) Received: from mail.paystone.com (yvr-n-01.paystone.com [209.53.184.65]) by mx1.FreeBSD.org (Postfix) with ESMTP id 349A143D55 for ; Tue, 22 Nov 2005 22:38:56 +0000 (GMT) (envelope-from moose@freebsdfreaks.net) Received: by mail.paystone.com (Postfix, from userid 1004) id A38311DF4A; Tue, 22 Nov 2005 14:38:56 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mail.paystone.com (Postfix) with ESMTP id 6D3921DF3A; Tue, 22 Nov 2005 14:38:56 -0800 (PST) Received: from mail.paystone.com ([127.0.0.1]) by localhost (mail.paystone.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 47713-07; Tue, 22 Nov 2005 14:38:56 -0800 (PST) Received: from [192.168.3.91] (unknown [192.168.2.253]) by mail.paystone.com (Postfix) with ESMTP id 080CA1DF22; Tue, 22 Nov 2005 14:38:55 -0800 (PST) Message-ID: <43839DFF.2000703@freebsdfreaks.net> Date: Tue, 22 Nov 2005 14:38:55 -0800 From: Matt Crossley User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051117) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Olaf Greve References: <437B310F.8070501@axis.nl> <437B38D8.9090901@dial.pipex.com> <437B5133.5010009@axis.nl> In-Reply-To: <437B5133.5010009@axis.nl> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Scanned: at paystone.com Cc: freebsd-questions@freebsd.org Subject: Re: How to properly set-up an SSH tunnel on FreeBSD for automatic backups X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Nov 2005 22:39:00 -0000 Olaf Greve wrote: > Hi all, > > Thanks for the replies! > > I also received several very helpful off-list replies, and they caused > me to opt for my plan B, which is simply a 'rendez vous' type > pull-mechanism. I already had a nightly cron job set up on the live > server that neatly dumps the MySQL DB instances to a convenient > directory. Also, I already had set up Rsync such that it only ever > allows connections from my fall-back machine (I use this for the > nightly file syncing), so I just decided to add an additional DB > import script which is scheduled well after the DB dumping on the live > machine takes place. Those dumps are now picked up using rsync (called > from the fall-back machine) and they are then simply locally processed > and worked into my DB. > > The main reason for deciding for this mechanism after all is that for > two normal users I want (and need!) to have SSH access enabled from > all over the world, using a client like PuTTY, using password > authentication, yet opening up SSH in anyway for root is for me a no-no > (I see too many SSH hack attempts in my daily security reports in > order to feel comfortable with that ;) ). > > O.k., at the expense of having a perhaps slightly less elegant DB > syncing mechanism I have opted for the above and I just tested it and > it works fine...:) > > Cheers, > Olafo > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" You may also want to look into MySQL replication, which is pretty easy to set up. There are some instructions available on the MySQL site here: http://dev.mysql.com/doc/refman/5.0/en/replication-howto.html although you need MySQL 4.1 at a minimum. This will allow for near-instant replication of your MySQL databases, rather than one that is set on a schedule, which would reduce the data loss in the case of a disaster. You could implement something similar to an SSH tunnel for tunnelling the mysql traffic if you so wished, as well. I have written a quick little howto on my website, that discusses a similar project. I had started to write it a little while ago, but I forgot about it. Your post reminded me that it was still sitting around unfinished! You can find it at http://www.freebsdfreaks.net/articles/postfix_secondary_mx_mailbox_replication_mysql_replication_under_freebsd_failover_mx.html . I use this system on our mail servers, and it works quite well. If we ever encounter a problem, I have several options for allowing clients to still receive their email. Cheers, Matt http://www.freebsdfreaks.net/index.php