[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Question about ssh passwords and backup software



2012/2/13 Paul E Condon <pecondon@mesanetworks.net>:
> I am researching ways of setting up an automatic backup of
> my several local hosts (read computers in ancient UNIX parlance).
>
> My research has not been exhaustive, but it seems that the backup
> packages that offer backup of one host by another host all involve
> creating a special ssh password for the purpose that is not encripted
> and therefore does not need to be decripted for use. Advice varies as
> to how dangerous this is for security, but there is universal
> consensus that caution should be exercised.
>
> I have discovered an alternative to a passwordless private ssh key in
> the Debian package repository. (Not a great feat for a normal Debian
> user, but I am specially challenged.) The package in question is
> 'sshpass'. It allows one to write a script that feeds a password to
> the system that needs on. And, of course, the password is hidden
> somewhere on the using host in ways that can be questioned.
>
> I want to hear expressions of opinion as to the relative merits of
> having a password hidden somewhere vs. simply having no password on
> the private ssh key. I know there is risk in both and both ways have
> risks, but has anyone compared to two approaches and then decided to
> go one way or the other based on something more than a gut feeling? If
> so, what did you decide, and what were the risk factors that were
> important to you?
>
> If any of you feel that your position on this issue in not an opinion,
> but a fact that is beyond argument, your response is also welcome.
>
> TIA
> --
> Paul E Condon
> pecondon@mesanetworks.net
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: 20120213173652.GA26236@big.lan.gnu">http://lists.debian.org/20120213173652.GA26236@big.lan.gnu
>
Hello Paul,

Several months ago I wrote a small tutorial "Backing up a cpanel
hosting account" [1] on this subject.

Here you are the index:

1.- Crontab for automatic backups.
2.- Public/private keys for passwordless ssh connections. (but still
safe using keychain)
3.- Mysqldump for dumping the MySQL databases to a local file.
4.- Rsync command for synchronizing directories between remote and
local servers. This way bandwidth is reduced as if a file has already
been copied to the local server no data transfer is needed.
5.- SpiderOak for data deduplication and remote backup.

The key for keeping your password safe is the tool keychain. Have a
look to the "Passwordless connections via OpenSSH using public key
authentication, keychain and AgentForward." webpage [2]

"
This page collects into one place the essential steps needed to
generate a private/public key pair and use ssh to connect to remote
hosts without having to enter your password or passphrase more than
once per boot of your trusted workstation.
"

[1] http://www.elsotanillo.net/2011/09/backing-up-a-cpanel-hosting-account/
[2] http://oceanpark.com/notes/howto_ssh_keychain_public_key_authentication_forwarding.html

Best regards

--------------------------------------------------------------------------------------
Juan Sierra Pons                                 juan@elsotanillo.net
Linux User Registered: #257202       http://www.elsotanillo.net
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00  6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------


Reply to: