Topic: Remote sync of ibays advice

[gbentley]

Hi All,

I would like to setup another SME7 so that each night the ibays of the main office are copied over to a remote office SME7 - essentially its a sync job and was wondering what is the best way to go about this?

Would I need to rsync and shared keys ?

If anyone already has this off to a tea can you please share your experiences!

Many thanks !

[michael_s]

Hi,

see http://forums.contribs.org/index.php?topic=36499.0

or search for affa.

We use it excessive and it works peerfekt even via a "normal DSL"
VPN connection.

BR

[gbentley]

looks good however I only have 3 ibays to backup, and the differences will be small amounts daily. Maybe affa is a bit over the top for this ?

[m]

Maybe affa is a bit over the top for this ?

Definitely not. This is what Affa is (also) designed for.
Setting up a rsync manually is an easy done job. The handling of errors, continuing of interrupted transfers, removing old archives, notfiying the admin and so on is the real time consuming part. This all is done by Affa.
You may want to look at this example: http://wiki.contribs.org/Affa#Backup_single_ibays

[gbentley]

A few questions about affa :-

What sshd settings would I need to use in order for affa / rsync to work correctly?

What router / ports do I need to pass to the server other than 22 ?

What are the security implications of this?

Thank for comments /advice etc.

[m]

What sshd settings would I need to use in order for affa / rsync to work correctly?

In the server-manager of the sourcehost set:
Secure shell access = Allow...
Allow administrative command line access over secure shell = Yes
Allow secure shell access using standard passwords = Yes

Then, on the Affa server,  send the public key using 'affa --send-keys sourcehost'

Now you may set on the sourcehost:
Allow secure shell access using standard passwords = No

What router / ports do I need to pass to the server other than 22 ?

Port 22 only.

What are the security implications of this?

I see none, when you keep your Affa server secure.

[gbentley]

Thanks Mike,

I will certainly look into Affa however had to do a quick job for a client and for my own records did the following ;

On the remote server generate the public keys

# ssh-keygen -t rsa

Copy the public key over to the main server where IP.ADD.RE.SS is IP of main server

# scp /root/.ssh/id_rsa.pub IP.ADD.RE.SS:/root/.ssh/

Back on the main server

# cd /root/.ssh
# cat id_rsa.pub >> authorized_keys2

Back on remote server made a simple cron job to kick off the rsync command below ;

# mkdir /etc/e-smith/templates-custom/etc
# mkdir /etc/e-smith/templates-custom/etc/crontab
# touch /etc/e-smith/templates-custom/etc/crontab/rsyncjob
# vi /etc/e-smith/templates-custom/etc/crontab/rsyncjob

-- Sample Edit --

# Run rsync job at 3am daily
0 3 * * * root /opt/rsyncjob.sh | mail -s "Rsync Report" admin

Then ....

# expand-template /etc/crontab

-- sample /opt/rsyncjob.sh ---

#!/bin/sh
# Scheduled rsync of ibay. The remote machine (this one) pulls data from the main machine!
# -------------- Main IP ------ Source directories on main -------- Same directories populated on remote
rsync -avz IP.ADD.RE.SS:/home/e-smith/files/ibays/docs/files/ /home/e-smith/files/ibays/docs/files

[gbentley]

Have found these two pages helpful :-

http://troy.jdmz.net/rsync/index.html
http://sial.org/howto/rsync/

However "PermitRootLogin" can only be Yes or No

and I would like to test ;

PermitRootLogin: forced-commands-only

Would this mean a custom-template for the logic of the pull-down selection in the SSH section of the Remote Access page?