2012/2/13 Paul E Condon <pecon...@mesanetworks.net>: > I am researching ways of setting up an automatic backup of > my several local hosts (read computers in ancient UNIX parlance). > > My research has not been exhaustive, but it seems that the backup > packages that offer backup of one host by another host all involve > creating a special ssh password for the purpose that is not encripted > and therefore does not need to be decripted for use. Advice varies as > to how dangerous this is for security, but there is universal > consensus that caution should be exercised. > > I have discovered an alternative to a passwordless private ssh key in > the Debian package repository. (Not a great feat for a normal Debian > user, but I am specially challenged.) The package in question is > 'sshpass'. It allows one to write a script that feeds a password to > the system that needs on. And, of course, the password is hidden > somewhere on the using host in ways that can be questioned. > > I want to hear expressions of opinion as to the relative merits of > having a password hidden somewhere vs. simply having no password on > the private ssh key. I know there is risk in both and both ways have > risks, but has anyone compared to two approaches and then decided to > go one way or the other based on something more than a gut feeling? If > so, what did you decide, and what were the risk factors that were > important to you? > > If any of you feel that your position on this issue in not an opinion, > but a fact that is beyond argument, your response is also welcome. > > TIA > -- > Paul E Condon > pecon...@mesanetworks.net > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/20120213173652.ga26...@big.lan.gnu > Hello Paul,
Several months ago I wrote a small tutorial "Backing up a cpanel hosting account" [1] on this subject. Here you are the index: 1.- Crontab for automatic backups. 2.- Public/private keys for passwordless ssh connections. (but still safe using keychain) 3.- Mysqldump for dumping the MySQL databases to a local file. 4.- Rsync command for synchronizing directories between remote and local servers. This way bandwidth is reduced as if a file has already been copied to the local server no data transfer is needed. 5.- SpiderOak for data deduplication and remote backup. The key for keeping your password safe is the tool keychain. Have a look to the "Passwordless connections via OpenSSH using public key authentication, keychain and AgentForward." webpage [2] " This page collects into one place the essential steps needed to generate a private/public key pair and use ssh to connect to remote hosts without having to enter your password or passphrase more than once per boot of your trusted workstation. " [1] http://www.elsotanillo.net/2011/09/backing-up-a-cpanel-hosting-account/ [2] http://oceanpark.com/notes/howto_ssh_keychain_public_key_authentication_forwarding.html Best regards -------------------------------------------------------------------------------------- Juan Sierra Pons j...@elsotanillo.net Linux User Registered: #257202 http://www.elsotanillo.net GPG key = 0xA110F4FE Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE -------------------------------------------------------------------------------------- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CABS=y9v25zc7xq+unwjh2dbd8fpqujaaeqjri5trkn+-e9w...@mail.gmail.com
