We all know root logins are a bad idea, but sometimes it's tricky to do things like backups without using a root login. Through a combination of ssh keys and sudo it's possible to set up a secure backup that doesn't use a root login. I'll describe a setup that uses the machine to be backed up ('target') and the machine controlling the backups, which has the backup media ('controller').
<p>First, set up <code>/etc/ssh/sshd_config</code> on the target machine with tight permissions. Some recommended entries:</p>
<pre>
PermitRootLogin no
AllowUsers backup myaccount
PasswordAuthentication no
Port 2200
</pre>
<p>Create a backup user on the target machine to run the backup as:</p>
<pre>
adduser -c "Backup User" backup
passwd backup
reallyhardpassword
</pre>
<p>Now, set up <code>/etc/sudoers</code> on the target machine to allow the backup user to run the rsync program as root:</p>
<pre>
Defaults:backup !authenticate
backup ALL=(root) /usr/bin/rsync
</pre>
<p>On the controller, as the user who initiates the backup, make sure you have ssh keys:</p>
<pre>
ssh-keygen -t rsa -b 2048
[enter]
[enter]
</pre>
<p>And copy <code>~/.ssh/id_rsa.pub</code> from the controller to, on the target, <code>~backup/.ssh/authorized_keys2</code>. Make sure <code>authorized_keys2</code> is owned by <code>backup.backup</code> and permissions are <code>600</code>.</p>
<p>Now, from the controller, you can run the backup with something like:</p>
<pre>
/usr/bin/rsync -e 'ssh -p 2200' -avzl --bwlimit=100 --rsync-path='/usr/bin/sudo /usr/bin/rsync' backup@example.com:/etc /mnt/backup/example.com
</pre>
<p>This runs rsync over ssh, using port 2200 (for easy bandwidth classification), limits bandwidth usage to 100 K<b>B</b> per second, and executes rsync on the remote end using sudo. See the rsync man page for more details.</p>
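<p>Because the sudoers entry above allows rsync with any arguments, the backup key on its own is still worth root on the target. The following forced-command guard is an added example (not part of the original post) that pins the key to the read-only rsync server invocation of <code>/etc</code>; it assumes the script is installed on the target at the hypothetical path <code>/usr/local/bin/backup-guard</code> and is referenced from the <code>command=</code> option in <code>~backup/.ssh/authorized_keys2</code>.</p>

```shell
#!/bin/sh
# backup-guard: forced command for the backup ssh key (added example).
# sshd runs this instead of whatever the client asked for; the client's
# requested command arrives in SSH_ORIGINAL_COMMAND and is only executed
# if it is exactly the sudo'd rsync server in read-only (--sender) mode.

ALLOWED_SOURCE="/etc"                                   # the only tree the key may read
RSYNC_SERVER="/usr/bin/sudo /usr/bin/rsync --server --sender"
nl='
'

# validate_rsync_command CMD -> 0 if CMD is a read-only rsync server
# invocation of ALLOWED_SOURCE, 1 otherwise.
validate_rsync_command() {
    cmd=$1
    # Reject shell metacharacters and newlines: the forced command is
    # interpreted by the backup user's login shell.
    case $cmd in
        *[';&|`$<>']*|*"$nl"*) return 1 ;;
    esac
    # Must begin with the exact sudo + rsync --server --sender prefix.
    case $cmd in
        "$RSYNC_SERVER "*) ;;
        *) return 1 ;;
    esac
    # The last argument is the path rsync will read; pin it to the allowed tree.
    last=${cmd##* }
    [ "$last" = "$ALLOWED_SOURCE" ] || [ "$last" = "$ALLOWED_SOURCE/" ]
}

# authorized_key_line PUBKEY -> the authorized_keys2 entry that forces this
# guard and disables the other things a key could otherwise do.
authorized_key_line() {
    printf 'command="/usr/local/bin/backup-guard",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' "$1"
}

# Entry point when invoked by sshd as a forced command.
if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
    if validate_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        # Word-splitting is intended; metacharacters were rejected above.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "backup-guard: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Rejected attempts are written to stderr, which sshd passes back to the client and logs on the target, so a backup job that suddenly fails is visible in the logs rather than silently running as root.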
<p>This describes a basic backup strategy - for a more advanced backup scheme, consider implementing <a href="http://www.rsnapshot.org">rsnapshot</a> on top of this infrastructure.</p>