Machine A holds important source data that needs to be backed up. Machine B is where the data will be backed up to. They're both Ubuntu. I want to have an automated process that allows machine A to create an encrypted tarball and copy it to machine B, without human intervention, but doesn't allow anything except copying the file over to a target directory.
I thought about using a chroot jailed account, but this seems to be a pain to set up and overly complex. I really just want to be able to have machine A copy files to machine B, via automatic cron, but I also want to prevent the mechanism that allows the copy from allowing any other actions (copying to any other directory, logging in, executing any other commands noninteractively, etc.). Also, the transfer must be encrypted (e.g. using ssh somehow).
I'd considered this exact idea, actually, although possibly by invoking the tarball command remotely when B calls A, rather than prepping it in advance. (It's a once a month kinda thing.) And yeah, scp would be the way to go. This does seem the most plausible, relatively simple solution. Thanks. – dirtside – 2011-04-09T21:12:48.310
@dirtside: You can then skip scp entirely and use ssh host run-backup > backup-$(date).txz; inside run-backup you would have tar write to stdout without the -f option. – user1686 – 2011-04-09T21:18:00.287
I'd considered that, but part of my backup scheme is to calculate an MD5 hash of the original file before sending it over the network, to reduce the (admittedly highly unlikely) chance of corruption in transit. So it would go: create tar on A, calculate MD5 hash on A, copy both files down to B, delete files from A. – dirtside – 2011-04-09T21:41:56.100
@dirtside: SSH 2 already does integrity checks of each packet, using hmac-sha1. – user1686 – 2011-04-10T09:00:45.940
I know, but corruption after transit is also a concern (I have a mechanism in place for re-checking the MD5 hashes periodically, to make sure the backups haven't somehow gotten corrupted later on). – dirtside – 2011-06-08T20:01:42.527
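The pull approach from the comments (B runs ssh against A and captures stdout) can be locked down to that single action with an authorized_keys forced command on A. This is an added example, not code from the thread; the install path, source directory, the --serve flag, the key type and the logging of refusals are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for machine A (the data source).
# Assumed install path: /usr/local/bin/run-backup
#
# Bind machine B's cron key to it in ~/.ssh/authorized_keys on A (one line):
#   command="/usr/local/bin/run-backup --serve",restrict ssh-ed25519 <B's public key>
# "restrict" (OpenSSH 7.2+) disables PTY allocation and port, agent and X11
# forwarding. On older servers use no-pty,no-port-forwarding,
# no-agent-forwarding,no-X11-forwarding instead.
#
# B's cron job then runs, as in the comment above (date format assumed):
#   ssh hostA run-backup > backup-$(date +%F).txz

BACKUP_SRC="${BACKUP_SRC:-/srv/data}"   # assumed source directory

# sshd runs the forced command no matter what the client asked for and puts
# the client's request in SSH_ORIGINAL_COMMAND. Accept only the exact string
# "run-backup"; an interactive login (empty request), scp, or any other
# command line is refused.
request_allowed() {
    [ "$1" = "run-backup" ]
}

# Stream a compressed tarball to stdout; "-f -" names stdout explicitly
# instead of relying on tar's compiled-in default archive.
stream_backup() {
    tar -cJf - -C "$BACKUP_SRC" .
}

serve() {
    if ! request_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        # Leave a trace for whoever reviews the logs on A.
        logger -t run-backup "denied '${SSH_ORIGINAL_COMMAND:-}' from ${SSH_CONNECTION:-unknown}" 2>/dev/null || true
        echo "run-backup: request not permitted" >&2
        return 1
    fi
    stream_backup
}

# Only act when started by sshd through the forced command above.
if [ "${1:-}" = "--serve" ]; then
    serve
    exit $?
fi
```

The key on B can then do nothing on A except trigger this one stream, and A holds no credentials for B at all.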