sometimes i need to back up different servers. instead of backing up each single server to long-term storage, i usually copy the important files from every server to a partition on a single server and then only back up this one partition. sometimes backups can contain quite sensitive data, so this has to be done in a secure way. it also has to be automated, so no human is around to type in the backup server’s password.
one approach is using scp or rsync. i usually go for rsync because it can sometimes reduce network traffic massively. to set it up relatively securely i add an ssh dsa key for the root user of each machine that has some files to back up.
ssh-keygen -t dsa
do not enter a password: the backup has to run automated, so there is no one around to type it in. use the proposed file names for the private and public keys.
now you can create a script which copies your data, for example an sql dump, to the backup server. instead of using the root account we will create a backup account.
rsync sqldump.sql backup@backupserver:/backups/client1/sqldump.sql
this command doesn’t work yet. first we have to create the user backup on the server.
after that it should work. but there is one problem: it asks for a password. to get rid of that we have to take the generated dsa public key and append its content (one line of gibberish) to the backup account’s ~/.ssh/authorized_keys file. if this file or directory doesn’t exist yet you can create it. but you have to check that only the owner of the file has write or read permissions. if others can read that file some linux flavours won’t allow clients to connect.
if this worked you can now copy the backups from the clients with a cron job. no one asks for a password any more. that’s nice but a bit insecure. if one of the client machines gets hacked, the intruder can connect to the backup server and read all backed up files. that’s not really nice. to prevent that we can limit users to executing only one single command on the backup server. for our command, rsync executes the following command on the target server:
rsync --server -e.L . /backups/client1/sqldump.sql
in the authorized_keys file we need to prepend the following part in front of our public key line, before ssh-dss. there is also some additional code to disable some ssh functionality like creating a tunnel.
command="rsync --server -e.L --inplace . /backups/client1/sqldump.sql",no-pty ssh-dss XX...YY== client1 public key
after that, whatever command you try to execute on the backup server when connecting as the backup user, the command above is executed instead. so the most terrible thing an attacker can do is overwrite the sqldump file on the backup server.
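the server-side steps above (owner-only authorized_keys plus the forced command) as one script. this is an added example, not code from the original post. it writes the whole entry on one line, because authorized_keys has no line continuation, and spells out the options that turn off forwarding and the pty. assumptions: the script name and the key in the usage comment are constructed, the key is ed25519 because current openssh releases no longer accept ssh-dss keys by default, and the rsync command string is the one from the post and has to match what your client's rsync actually sends.

```shell
#!/bin/sh
# added example (not from the original post): install one client's public key
# for the backup account so that key can only run the rsync receiver for one file.
# usage (hypothetical script name, constructed key file):
#   sh restrict_key.sh /home/backup /backups/client1/sqldump.sql "$(cat id_ed25519.pub)"

nl='
'

# print the authorized_keys line: forced command, then forwarding and pty disabled
restricted_entry() {
    path=$1     # the only file this client may write
    pubkey=$2   # the single line from the client's .pub file
    # sshd runs the forced command through the account's shell, so the path
    # must be absolute and free of spaces, quotes and shell metacharacters
    case $path in
        /*) ;;
        *) echo "refusing: path must be absolute" >&2; return 1 ;;
    esac
    case $path in
        *..*|*[!A-Za-z0-9_./-]*) echo "refusing: unsafe path" >&2; return 1 ;;
    esac
    # a newline in the key would add a second, unrestricted entry
    case $pubkey in
        *"$nl"*) echo "refusing: key is not a single line" >&2; return 1 ;;
    esac
    # command string as given in the post (assumed to match the client's rsync)
    printf 'command="rsync --server -e.L --inplace . %s",' "$path"
    printf 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' "$pubkey"
}

# append the entry to <home>/.ssh/authorized_keys, accessible by the owner only
# (runs in a subshell so the umask change does not leak into the caller)
install_entry() (
    home=$1
    entry=$(restricted_entry "$2" "$3") || exit 1
    umask 077
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || exit 1
    printf '%s\n' "$entry" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
)

if [ "$#" -eq 3 ]; then install_entry "$@"; fi
```

run it as root on the backup server and chown the .ssh directory to the backup user afterwards, or run it as the backup user itself.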
i can’t guarantee that this setup is really secure or if there might be some holes. i’m no sysadmin and have only limited knowledge about ssh, so use it at your own risk.