Difference between revisions of "btrbk"
From wiki
(Setup SSH access) |
(Fix source) |
||
Line 4: | Line 4: | ||
== Install == | == Install == | ||
− | btrbk is not yet included in Debian Jessie. Make sure you configure [[Apt|stretch source]] before running the command bellow.<syntaxhighlight lang="console"> | + | btrbk is not yet included in Debian Jessie. Make sure you configure [[Apt|stretch source]] before running the command bellow. |
+ | <syntaxhighlight lang="console"> | ||
# apt install btrbk | # apt install btrbk | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 22: | Line 23: | ||
# mkdir /backup/.ssh | # mkdir /backup/.ssh | ||
# touch /backup/.ssh/authorized_keys | # touch /backup/.ssh/authorized_keys | ||
− | </syntaxhighlight>This user will need to run <code>btrfs</code> tools as root. Let’s add this to the <code>/etc/sudoers</code> file<syntaxhighlight> | + | </syntaxhighlight> |
+ | This user will need to run <code>btrfs</code> tools as root. Let’s add this to the <code>/etc/sudoers</code> file | ||
+ | <syntaxhighlight lang="sh"> | ||
btrbk ALL=NOPASSWD:/bin/btrfs | btrbk ALL=NOPASSWD:/bin/btrfs | ||
− | </syntaxhighlight>If you limited access to certain users through SSH, add <code>btrbk</code> to the [[SSH|AllowUsers]] list and [[SSH|restart SSH]] | + | </syntaxhighlight>If you limited access to certain users through SSH, add <code>btrbk</code> to the [[SSH#Authentication|AllowUsers]] list and [[SSH#Restart|restart SSH]] |
== Setup Client == | == Setup Client == | ||
Line 36: | Line 39: | ||
# cat /etc/btrbk/ssh/id_ed25519 | # cat /etc/btrbk/ssh/id_ed25519 | ||
AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org | AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org | ||
− | </syntaxhighlight>Then, '''on the backup server''', add the following line to <code>/backup/.ssh/authorized_keys</code>.<syntaxhighlight lang="sh"> | + | </syntaxhighlight>Then, '''on the backup server''', add the following line to <code>/backup/.ssh/authorized_keys</code>. |
+ | <syntaxhighlight lang="sh"> | ||
command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwxT6AaiAjahdUBeitkRDK6FXeZhI10rVN8BIeVriXG root@client.example.org | command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwxT6AaiAjahdUBeitkRDK6FXeZhI10rVN8BIeVriXG root@client.example.org | ||
− | </syntaxhighlight>{{TODO|msg = }}[[Category:Debian Release]] | + | </syntaxhighlight> |
+ | {{TODO|msg = }} | ||
+ | |||
+ | [[Category:Debian Release]] | ||
[[Category:Linux Desktop]] | [[Category:Linux Desktop]] | ||
[[Category:Linux Server]] | [[Category:Linux Server]] |
Revision as of 22:30, 30 March 2016
btrbk is a backup tool for Btrfs disks.
Warning: | This page is a work in progress and is not completed. Important informations might be missing or wrong. |
Install
btrbk is not yet included in Debian Jessie. Make sure you configure stretch source before running the command bellow.
# apt install btrbk
Setup Backup Server
Destination Disk
Create a Btrfs volume and mount it on /backup
.
User
# adduser --system --shell /bin/sh --home /backup/ --group --no-create-home btrbk
Adding system user `btrbk' (UID 122) ...
Adding new group `btrbk' (GID 124) ...
Adding new user `btrbk' (UID 122) with group `btrbk' ...
Not creating home directory `/backup/'.
# mkdir /backup/.ssh
# touch /backup/.ssh/authorized_keys
This user will need to run btrfs
tools as root. Let’s add this to the /etc/sudoers
file
btrbk ALL=NOPASSWD:/bin/btrfs
If you limited access to certain users through SSH, add btrbk
to the AllowUsers list and restart SSH
Setup Client
SSH Key
Create an SSH key dedicated to your backups
# mkdir /etc/btrbk/ssh
# chmod 700 /etc/btrbk/ssh
# ssh-keygen -t ed25519 -N "" -f /etc/btrbk/ssh/id_ed25519
...
# cat /etc/btrbk/ssh/id_ed25519
AAAAC3NzaC1lZDI1NTE5AAAAIFWJQzmdbnWfJqfa/YqXHQXh5bhkRir76mkkdVSln+eo root@client.example.org
Then, on the backup server, add the following line to /backup/.ssh/authorized_keys
.
command="/usr/share/btrbk/scripts/ssh_filter_btrbk.sh --target --info -p /backup --sudo",restrict,from="client.example.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwxT6AaiAjahdUBeitkRDK6FXeZhI10rVN8BIeVriXG root@client.example.org
TODO