From owner-freebsd-questions@FreeBSD.ORG Sat Jun 7 13:24:43 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BB0FC106566B for ; Sat, 7 Jun 2008 13:24:43 +0000 (UTC) (envelope-from bsd@todoo.biz) Received: from newmail.rmm.fr (newmail.rmm.fr [87.98.206.99]) by mx1.freebsd.org (Postfix) with ESMTP id 4C8E08FC16 for ; Sat, 7 Jun 2008 13:24:43 +0000 (UTC) (envelope-from bsd@todoo.biz) Received: from localhost (localhost [127.0.0.1]) by newmail.rmm.fr (Postfix) with ESMTP id 9E58429872; Sat, 7 Jun 2008 15:24:41 +0200 (CEST) X-Virus-Scanned: amavisd-new 2.6.0 (20080423) at rmm.fr Received: from newmail.rmm.fr ([127.0.0.1]) by localhost (newmail.rmm.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 3qXW6wav8rYF; Sat, 7 Jun 2008 15:24:41 +0200 (CEST) Received: from [10.0.1.4] (unknown [41.222.254.90]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: grego03) by newmail.rmm.fr (Postfix) with ESMTPSA id 30AE629871; Sat, 7 Jun 2008 15:24:23 +0200 (CEST) Message-Id: <635632E3-80FD-4914-B5B4-72B951E95815@todoo.biz> From: bsd To: z.szalbot@lc-words.com In-Reply-To: <483D0181.5010605@lc-words.com> Content-Type: text/plain; charset=WINDOWS-1252; format=flowed; delsp=yes Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Apple Message framework v924) Date: Sat, 7 Jun 2008 14:23:22 +0100 References: <483C8060.2070003@lc-words.com> <483C87F0.9030803@mikestammer.com> <483D0181.5010605@lc-words.com> X-Mailer: Apple Mail (2.924) Cc: Liste FreeBSD Subject: Re: dump and remote file fetching X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Jun 2008 13:24:43 -0000 What I do : Allow ssh access only using key "PubkeyAuthentication yes" Allow root access Create a root ssh Pubkey Automate the access using any script based on ssh=85 If you want to be more restrictive, you can deploy a firewall localy =20 on your server and limit ssh access to one or more selected IPs. Bye // Le 28 mai 08 =E0 07:53, Zbigniew Szalbot a =E9crit : > Hi there, > >>> Need a word of advice. I use dump to backup my data. All fine. =20 >>> Dump saves compressed *.bz2 files. Nice. All I need now is a way =20 >>> to copy them from the server to a remote backup machine. The =20 >>> problem I am facing is that bz2 files are owned by root:wheel. So =20= >>> if I use scp user@domain.tld:/path/to/*.bz2, it does not have =20 >>> sufficient permissions to fetch the files. I can use sudo, but =20 >>> then I need to interactively type the password, which I would like =20= >>> to avoid. >>> Can you suggest simple ways of getting around this? I don't mind =20 >>> using special tools for the job, especially if they are not too =20 >>> complicated... :) >>> Before firing this email off I took a look at rsync and it seems =20 >>> easy enough to do just what I need but still many thanks for =20 >>> suggestions! >> I have been very happy with rsnapshot. Take that for a spin and =20 >> see how it works for you > > I have taken a look at rsnapshot but it seems I am left to deal with =20= > the same problem: > > =46rom their page: > In addition to full paths on the local filesystem, you can also =20 > backup remote systems using rsync over ssh. If you have ssh =20 > installed and enabled (via the cmd_ssh parameter), you can specify a =20= > path like: > > backup root@example.com:/etc/ example.com/ > > This behaves fundamentally the same way, but you must take a few =20 > extra things into account. > > a/ The ssh daemon must be running on example.com > b/ You must have access to the account you specify the remote =20 > machine, in this case the root user on example.com. > > I do not allow remote root login so what are my options in that =20 > case? How do you deal with such a scenario? Many thanks! > > --=20 > Zbigniew Szalbot > www.lc-words.com > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org=20 > " =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF= =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF Gregober ---> PGP ID --> 0x1BA3C2FD bsd @at@ todoo.biz =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF= =AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF=AF P "Please consider your environmental responsibility before printing =20 this e-mail"