Date: Fri, 1 Aug 2003 08:37:17 -0400 From: "Dave [Hawk-Systems]" <dave@hawk-systems.com> To: <freebsd-isp@freebsd.org> Subject: RE: dump directly to remote HDD over ssh <-- take it up a notch Message-ID: <DBEIKNMKGOBGNDHAAKGNCEKBCPAC.dave@hawk-systems.com> In-Reply-To: <20030801090148.C78487@gwd.nnn.tstu.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
>> to ensure that we don't get too many servers trying to back up to the big >> archive server at once, we want to run a script from the controller server... >> >> #!/bin/sh >> ssh server1 "dump -3uf - /usr | ssh big_backup_server dd >> of=/backups/server1.usr.dump" > In this case you allow logon without password as _root_ to your server[12] >AND allow logon without password as _user_who_can_read_dumps_ to your >big_backup_server. It's too many security risks, isn't it? not if the process is being run a user "backup" which exists on all systems, and the remote systems have the the public key for that user distributed to the machines. That way only user backup can connect to the servers and run these tasks from the controller server. no? Dave >> ssh server1 "dump -3uf - / | ssh big_backup_server dd >> of=/backups/server1.root.dump" >> ssh server2 "dump -3uf - /usr | ssh big_backup_server dd >> of=/backups/server2.usr.dump" >> ssh server2 "dump -3uf - / | ssh big_backup_server dd >> of=/backups/server2.root.dump" >> >> running it in this way should ensure that each dump completes before the next >> one is started, keeping them stacked, but not overlaying each other and >> effectively DOSing the box with all that data, correct?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DBEIKNMKGOBGNDHAAKGNCEKBCPAC.dave>