From owner-freebsd-isp@FreeBSD.ORG  Fri Aug  1 05:37:20 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A548D37B401
	for <freebsd-isp@freebsd.org>; Fri,  1 Aug 2003 05:37:20 -0700 (PDT)
Received: from web1.nexusinternetsolutions.net
	(web1.nexusinternetsolutions.net [206.47.131.12])
	by mx1.FreeBSD.org (Postfix) with SMTP id C2D0D43F85
	for <freebsd-isp@freebsd.org>; Fri,  1 Aug 2003 05:37:19 -0700 (PDT)
	(envelope-from dave@hawk-systems.com)
Received: (qmail 40839 invoked from network); 1 Aug 2003 12:37:18 -0000
Received: from unknown (HELO ws1) (65.49.236.97)
  by web1.nexusinternetsolutions.net with SMTP; 1 Aug 2003 12:37:18 -0000
From: "Dave [Hawk-Systems]" <dave@hawk-systems.com>
To: <freebsd-isp@freebsd.org>
Date: Fri, 1 Aug 2003 08:37:17 -0400
Message-ID: <DBEIKNMKGOBGNDHAAKGNCEKBCPAC.dave@hawk-systems.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
In-reply-to: <20030801090148.C78487@gwd.nnn.tstu.ru>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
Subject: RE: dump directly to remote HDD over ssh <-- take it up a notch
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Aug 2003 12:37:21 -0000

>> to ensure that we don't get too many servers trying to back up to the big
>> archive server at once, we want to run a script from the controller server...
>>
>> #!/bin/sh
>> ssh server1 "dump -3uf - /usr | ssh big_backup_server dd
>> of=/backups/server1.usr.dump"
> In this case you allow logon without password  as _root_ to your server[12]
>AND allow logon without password as _user_who_can_read_dumps_ to your
>big_backup_server. It's too many security risks, isn't it?

not if the process is being run a user "backup" which exists on all systems, and
the remote systems have the the public key for that user distributed to the
machines.  That way only user backup can connect to the servers and run these
tasks from the controller server. no?

Dave

>> ssh server1 "dump -3uf - / | ssh big_backup_server dd
>> of=/backups/server1.root.dump"
>> ssh server2 "dump -3uf - /usr | ssh big_backup_server dd
>> of=/backups/server2.usr.dump"
>> ssh server2 "dump -3uf - / | ssh big_backup_server dd
>> of=/backups/server2.root.dump"
>>
>> running it in this way should ensure that each dump completes before the next
>> one is started, keeping them stacked, but not overlaying each other and
>> effectively DOSing the box with all that data, correct?