From owner-freebsd-isp@FreeBSD.ORG  Thu Jul 31 22:02:06 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6418C37B401
	for <freebsd-isp@freebsd.org>; Thu, 31 Jul 2003 22:02:06 -0700 (PDT)
Received: from gwd.nnn.tstu.ru (gwd.nnn.tstu.ru [62.76.180.20])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DC2D943FB1
	for <freebsd-isp@freebsd.org>; Thu, 31 Jul 2003 22:02:04 -0700 (PDT)
	(envelope-from tim@gwd.nnn.tstu.ru)
Received: from gwd.nnn.tstu.ru (localhost [127.0.0.1])
	by gwd.nnn.tstu.ru (8.12.6p2/8.11.6) with ESMTP id h7151vcp079331;
	Fri, 1 Aug 2003 09:01:58 +0400 (MSD)
	(envelope-from tim@gwd.nnn.tstu.ru)
Received: (from tim@localhost)
	by gwd.nnn.tstu.ru (8.12.6p2/8.12.6/Submit) id h7151nwn079330;
	Fri, 1 Aug 2003 09:01:49 +0400 (MSD)
Date: Fri, 1 Aug 2003 09:01:48 +0400
From: Timofey Chernousov <tim@gwd.nnn.tstu.ru>
To: "Dave [Hawk-Systems]" <dave@hawk-systems.com>
Message-ID: <20030801090148.C78487@gwd.nnn.tstu.ru>
References: <1457.192.168.23.97.1059613662.squirrel@webmail.schmut.com>
	<DBEIKNMKGOBGNDHAAKGNGEALCPAC.dave@hawk-systems.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <DBEIKNMKGOBGNDHAAKGNGEALCPAC.dave@hawk-systems.com>;
	from dave@hawk-systems.com on Thu, Jul 31, 2003 at 09:32:21AM -0400
cc: freebsd-isp@freebsd.org
Subject: Re: dump directly to remote HDD over ssh <-- take it up a notch
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Aug 2003 05:02:06 -0000

On Thu, Jul 31, 2003 at 09:32:21AM -0400, Dave [Hawk-Systems] wrote:
> <continuing thread>
> to ensure that we don't get too many servers trying to back up to the big
> archive server at once, we want to run a script from the controller server...
> 
> #!/bin/sh
> ssh server1 "dump -3uf - /usr | ssh big_backup_server dd
> of=/backups/server1.usr.dump"
 In this case you allow logon without password  as _root_ to your server[12]
AND allow logon without password as _user_who_can_read_dumps_ to your
big_backup_server. It's too many security risks, isn't it?

> ssh server1 "dump -3uf - / | ssh big_backup_server dd
> of=/backups/server1.root.dump"
> ssh server2 "dump -3uf - /usr | ssh big_backup_server dd
> of=/backups/server2.usr.dump"
> ssh server2 "dump -3uf - / | ssh big_backup_server dd
> of=/backups/server2.root.dump"
> 
> running it in this way should ensure that each dump completes before the next
> one is started, keeping them stacked, but not overlaying each other and
> effectively DOSing the box with all that data, correct?
> 
> thanks for this and the verification on the previous
> 
> Dave

-- 
 Tim