From owner-freebsd-questions@FreeBSD.ORG Wed Nov 16 15:33:33 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9611216A4F8 for ; Wed, 16 Nov 2005 15:33:33 +0000 (GMT) (envelope-from o.greve@axis.nl) Received: from yggdrasil.interstroom.nl (yggdrasil.interstroom.nl [80.85.129.11]) by mx1.FreeBSD.org (Postfix) with ESMTP id C632243D75 for ; Wed, 16 Nov 2005 15:33:30 +0000 (GMT) (envelope-from o.greve@axis.nl) Received: from ip127-180.introweb.nl ([80.65.127.180] helo=[192.168.1.42]) by yggdrasil with asmtp (Exim 3.35 #1 (Debian)) id 1EcPHY-00071K-00; Wed, 16 Nov 2005 16:33:08 +0100 Message-ID: <437B5133.5010009@axis.nl> Date: Wed, 16 Nov 2005 16:33:07 +0100 From: Olaf Greve User-Agent: Mozilla Thunderbird 1.0.7-1.4.1.centos4 (X11/20051007) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <437B310F.8070501@axis.nl> <437B38D8.9090901@dial.pipex.com> In-Reply-To: <437B38D8.9090901@dial.pipex.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-MailScanner-Information: Interstroom virusscan, please e-mail helpdesk@interstroom.nl for more information X-MailScanner-SpamCheck: Cc: dimitar.vassilev@gmail.com, derek@computinginnovations.com Subject: Re: How to properly set-up an SSH tunnel on FreeBSD for automatic backups X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Nov 2005 15:33:33 -0000 Hi all, Thanks for the replies! I also received several very helpful off-list replies, and they caused me to opt for my plan B, which is simply a 'rendez vous' type pull-mechanism. I already had a nightly cron job set up on the live server that neatly dumps the MySQL DB instances to a convenient directory. Also, I already had set up Rsync such that it only ever allows connections from my fall-back machine (I use this for the nightly file syncing), so I just decided to add an additional DB import script which is scheduled well after the DB dumping on the live machine takes place. Those dumps are now picked up using rsync (called from the fall-back machine) and they are then simply locally processed and worked into my DB. The main reason for deciding for this mechanism after all is that for two normal users I want (and need!) to have SSH access enabled from all over the world, using a client like PuTTY, using password authentication, yet opening up SSH in anyway for root is for me a no-no (I see too many SSH hack attempts in my daily security reports in order to feel comfortable with that ;) ). O.k., at the expense of having a perhaps slightly less elegant DB syncing mechanism I have opted for the above and I just tested it and it works fine...:) Cheers, Olafo