>> On Wed, 27 May 2009 15:03:30 -0700, 
>> prad <p...@towardsfreedom.com> said:

P> We are thinking of rsync to duplicate 1st [box] > 2nd [box] (with the
P> exception of rc.conf and a few other files of course because we don't
P> want them to be absolutely identical).

P> We plan to allow root login and have disabled all password access so
P> that rsync can preserve permissions.  Is this a good way to accomplish
P> the bkp job?

   If you're going to use root login, I'd suggest access control for ssh
   via either daemontools or tcpwrappers, and add some extra security
   by putting 'from="hostname"' in root's entry in the "authorized_keys2"
   file:

   from="1st.box.com" ssh-dss AAAAB3NzaC1MtH[...]WDXDrq03pE= r...@1st.box.com

   It's not strictly necessary to allow root connections if you want
   to keep permissions intact.  I use an unprivileged account ("bkup")
   to copy gzipped cpio archives between systems.  On the 1st box, root
   can use pax or cpio to create the archive, and then run something as
   user "bkup" to do the copy to the 2nd box:

     root# cd /some/where
     root# find . -print | pax -x cpio -wd | gzip -1c > /tmp/arch.pax.gz
     root# su bkup -c "scp -c arcfour -i /bkup/.ssh/backuphost_dsa \
           /tmp/arch.pax.gz 2nd.box.com:/someplace/bkup/can/write"

   The arcfour cipher will probably give you better throughput.  To unpack
   the files on 2nd.box.com:

     root# cd /some/where/else
     root# gunzip -c /someplace/bkup/can/write/arch.pax.gz | pax -rd -pe
     root# rm /someplace/bkup/can/write/arch.pax.gz

   If the files you're syncing are huge, you're better off using root login
   plus rsync.

Karl Vogel                      I don't speak for the USAF or my company

SUVs are gross because they're the solution to a gross problem:
how to make minivans look more masculine.                      --Paul Graham
freebsd-questions@freebsd.org mailing list
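
An added example, not part of the original message: a shell check for the from="hostname" restriction suggested above, listing the keys in an authorized_keys file that carry no from= option. The function name audit_from, the sample file and its placeholder key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): report keys in an
# authorized_keys file that lack a from="..." restriction.
# audit_from is a hypothetical helper name.

audit_from() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        has_from = 0
        # A line that does not begin with a key type begins with options.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            inq = 0; start = 1
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                # Option names are case-insensitive; match only at an option start.
                if (start && !inq && tolower(substr(line, i, 6)) == "from=\"")
                    has_from = 1
                start = 0
                if (c == "\\" && inq) i++             # skip an escaped character
                else if (c == "\"") inq = !inq        # enter or leave a quoted value
                else if (!inq && c == ",") start = 1  # next option follows
                else if (!inq && (c == " " || c == "\t")) break  # options end
            }
        }
        if (!has_from) { print NR ": " $NF; bad = 1 }
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample; key blobs are placeholders, not real keys.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# root keys on 2nd.box.com (constructed)
from="1st.box.com" ssh-dss AAAAPLACEHOLDER1= root@1st.box.com
ssh-ed25519 AAAAPLACEHOLDER2 bkup@1st.box.com
command="echo from=\"x\"",no-pty ssh-rsa AAAAPLACEHOLDER3 job@1st.box.com
no-pty,From="1st.box.com,10.0.0.5" ssh-rsa AAAAPLACEHOLDER4 root@1st.box.com
EOF

# Prints the line number and comment of each unrestricted key; status 1 if any.
audit_from "$sample" || echo "keys without from= found"
```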