We want the backuppc
user on the server to connect securely to another host to back it up. To do this, we’ll generate a key pair without passphrase:
$ sudo -i -u backuppc
Make sure you are the backuppc
user:
$ whoami
Check that it says backuppc
, then:
$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa): <---- press enter
Enter passphrase (empty for no passphrase): <--- press enter
Enter same passphrase again: <--- press enter
Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa.
Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub.
The key fingerprint is:
2f:d9:c6:70:30:25:4c:3e:d2:29:90:6c:e8:4c:2d:f7 backuppc@host222.ws.nsrc.org
The key's randomart image is:
+--[ RSA 2048]----+
| +.. oo . |
| + *. o.+ |
| + + .o B |
| o Eo + |
| S . |
| B |
| o = |
| o |
| |
+-----------------+
Now we need to copy the public key
$ cat ~/.ssh/id_rsa.pub
Copy this with your mouse; it's the key we need to copy to the remote server we'll be taking a backup of.
For security reasons, we prefer to not log in directly as the root
user for backup. By default, Ubuntu has a user named backup
we can use for that. So let's use it.
By default, the backup
user isn't allowed to log in, so we'll have to enable login for this user.
Note: do this on hostY!
$ sudo vipw
Find the line:
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
and replace it with
backup:x:34:34:backup:/var/backups:/bin/bash
Save and exit.
Add the public key to the authorized_keys
file of the backup
user:
$ sudo -s
# mkdir /var/backups/.ssh
# cat > /var/backups/.ssh/authorized_keys
Paste the public key you copied copied earlier, then press ENTER, then CRTL+D.
Now, exit back to sysadm
:
# exit
$ whoami
sysadm
$
Let's now allow the backup
user to call rsync
as the root
user:
$ sudo visudo
Add this at the end of the file:
backup ALL=NOPASSWD: /usr/bin/rsync
Save the file, exit.
Firstly, let's check that we can log in as the backup
user on hostY, using the key we created:
$ sudo -i -u backuppc
$ ssh backup@hostY
If it works, then logout again, then go to the backuppc
web interface:
http://hostN.ws.nsrc.org/backuppc
... then navigate to:
rsync
is selected under XferMethod
(top)
RsyncClientCmd
$sshPath -q -x -l root $host $rsyncPath $argList+
to
$sshPath -q -x -l backup $host $rsyncPath $argList+
2. Do the same for `RsyncClientRestoreCmd`
To add the host:
Click on Edit Hosts
in the left menu, then click the Add
button In the fields that appear, enter:
Save
above.hostY
Edit config
Xfer
XferMethod
, select rsync
RsyncShareName
: set the path to backup to /var/www
then click Add
Save
above.hostY Home
-> then click on Start full backup
When asked to confirm, click on Start full backup
again.Reply from server: ok...
Click on Browse backups
, top left
Browse the contents of the backup, and check that it's ok.
Next, we'll move to doing a restore up another host!