Les Mikesell wrote at about 16:30:35 -0500 on Thursday, May 21, 2009: > Skip Guenter wrote: > > > > When I do: "sudo su backuppc" > > followed by: "ssh -x -l backuppc c17-desktop date" > > i get: "ssh: connect to host c17-desktop port 22: Connection refused" > > Which I believe ya'll are telling me is because I don't have ssh-keys > > set up correctly. > > No, you haven't gotten that far. Connection refused means you don't > have a listening sshd running or a firewall is blocking port 22. If > your keys aren't right you'll normally just get a password prompt. > > > I do have user backuppc set up to be able to run rsync w/o a password > > via: "sudo visudo" > > which shows: > > # User privilege specification > > root ALL=(ALL) ALL > > backuppc ALL=NOPASSWD: /user/bin/rsync > > You can skip ssh for local backups if you use another way to get root > access. >
I similarly don't use ssh on my local server for two reasons: 1. ssh adds unnecessary encryption (and depending on your configuration also compression) overhead that is not necessary on your local system where there is no remote link traffic. Why add an unnecessary tunnel? 2. giving ssh root-level access (necessary to read/write all files) *seems* more dangerous than letting user 'backuppc' run 'rsync' as root. Now I know that technically if you can read/write a file with rsync then you can easily get root access but it just seems tighter and neater that way to limit unnecessary privileges. Also, technically you only need the ability for 'rsync' to *read* files as root as long as you are doing just backups (and not restores). I believe the following sudoer line restricts the rsync mode to sender so that you are only giving rsync root permission to read (not write) files. backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender * > -- > Les Mikesell > lesmikes...@gmail.com > > > > > ------------------------------------------------------------------------------ > Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT > is a gathering of tech-side developers & brand creativity professionals. Meet > the minds behind Google Creative Lab, Visual Complexity, Processing, & > iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian > Group, R/GA, & Big Spaceship. http://www.creativitycat.com > _______________________________________________ > BackupPC-users mailing list > BackupPC-users@lists.sourceforge.net > List: https://lists.sourceforge.net/lists/listinfo/backuppc-users > Wiki: http://backuppc.wiki.sourceforge.net > Project: http://backuppc.sourceforge.net/ > ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/