neuron Advocate
Joined: 28 May 2002 Posts: 2371
|
Posted: Tue Oct 14, 2003 9:49 pm Post subject: backing up a remote database |
|
|
I wanna automate backing up a remote database and transporting it to my home system.
what would be the easiest way of doing it?
the absolute best way of doing it would be my server ssh'ing in and executing a backup and scp script or something, not quite sure how I'd do it though.
the reason I wanna do it is that I don't 100% trust the remote server's security, so it'd be very preferable to keep the passwords needed on my box.
is there any way to for example do:
ssh <script>
script connects and enters password automatically (yeah, I know, big no no, but better on my side than on his).
runs mysql database backup (again, putting in password from my script on my computer)
then transports it over?
or I could ftp or mail it I suppose. gpg and mail it from his box to an account on my box may not be such a bad idea. I'd still want a crontabbed script on my box to auto take it out of mailbox and save it somewhere else though (on an encrypted drive). |
Lozzer Tux's lil' helper
Joined: 18 Sep 2003 Posts: 84 Location: England
|
Posted: Tue Oct 14, 2003 10:12 pm Post subject: |
|
|
Look up public key based authentication in the ssh documents. Basically you generate a key pair on your machine, and copy the public key to the database server, put it in the correct place with the correct permissions, and then you can login (from your machine) without entering a password. That just leaves you to write the script that does (without error checking!)
Code: |
#!/bin/bash
ssh your.db.server.com "mysqlbackup command"
scp your.db.server.com:/my/sql/backup/file /local/backup/file
|
and put it in crontab. You aren't really exposing yourself to any more security issues this way - whoever can sniff your mysql password on the remote machine can presumably trash your db anyway. |
neuron Advocate
Joined: 28 May 2002 Posts: 2371
|
Posted: Tue Oct 14, 2003 10:17 pm Post subject: |
|
|
I don't have root on the remote machine though |
kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
|
Posted: Tue Oct 14, 2003 10:22 pm Post subject: |
|
|
I'd do a local cron on the db server to dump a copy of the db. Then tar.gz the output and scp it over to your server using sshkeys into a role account without a shell. Should provide a reasonable amount of security.
You _should_ be able to grab the file from the command line, but I haven't figured out how to make the following work from a script.
ssh -A server scp yy-mm-dd.tar.gz account@new-server:
Maybe using an identity file with no passphrase. Sort of brings us back to the same scenario I first mentioned depending on how openssh passes keys around.
Or you could always sftp it down. Hopefully some of this will lead you into the proper direction.
kashani _________________ Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
neuron Advocate
Joined: 28 May 2002 Posts: 2371
|
Posted: Tue Oct 14, 2003 11:39 pm Post subject: |
|
|
thanks, I'll do some testing |
Lozzer Tux's lil' helper
Joined: 18 Sep 2003 Posts: 84 Location: England
|
Posted: Wed Oct 15, 2003 10:08 pm Post subject: Depends on configuration |
|
|
Depending on how the remote machine has ssh configured, you may not need to be root to do this. The authentication keys go in
Code: |
$HOME/.ssh/authorized_keys
|
on the remote box and your local host key should go in
Code: |
$HOME/.ssh/known_hosts
|
on the remote box. These file names are just the defaults for Gentoo, other distros/installations may have other names, and they are configurable anyway. Also read the ssh docs to see exactly what goes in them and what permissions they should have.
The default installation of ssh allows this AFAIK, the settings to look out for in the remote /etc/ssh/sshd_config are:
Code: |
PubkeyAuthentication yes
IgnoreUserKnownHosts no
|
|
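A cron-ready form of the pull approach discussed in this thread (key-based ssh from the home machine, dump stored on local disk), added here as an example and not written by any of the posters. It captures the dump from the ssh session's output instead of using a second scp step; the host, remote dump command and destination directory are placeholders passed as arguments, and `SSH_BIN` is a hypothetical override used only to exercise the function without a server.

```shell
#!/bin/bash
# Added example, not from the thread. Host, dump command and paths are placeholders.
set -u

SSH_BIN="${SSH_BIN:-ssh}"   # hypothetical override so the function can run without a server

# pull_backup HOST REMOTE_CMD DEST_DIR
# Runs REMOTE_CMD on HOST and stores its stdout as DEST_DIR/db-YYYY-MM-DD.sql.gz.
# Prints the final path on success. On any failure it returns non-zero and
# removes its temporary files, so an earlier good backup is never replaced
# by a truncated one.
# The body is a subshell "( )": variables stay local and exit only leaves the function.
pull_backup() (
    host=$1 remote_cmd=$2 dest_dir=$3
    final="$dest_dir/db-$(date +%Y-%m-%d).sql.gz"

    mkdir -p -m 700 "$dest_dir" || exit 1
    tmp=$(mktemp "$dest_dir/.partial.XXXXXX") || exit 1   # mktemp creates it mode 0600

    # BatchMode=yes: never prompt, so a missing key fails fast under cron.
    # StrictHostKeyChecking=yes: refuse a server whose host key is not already
    # in this machine's known_hosts.
    # [ -s ]: an empty stream is not a backup.
    if "$SSH_BIN" -o BatchMode=yes -o StrictHostKeyChecking=yes \
            "$host" "$remote_cmd" > "$tmp" \
        && [ -s "$tmp" ] \
        && gzip -f "$tmp" \
        && mv -f "$tmp.gz" "$final"
    then
        printf '%s\n' "$final"
    else
        rm -f "$tmp" "$tmp.gz"
        exit 1
    fi
)

# Called as: script HOST 'REMOTE_CMD' DEST_DIR (for example from crontab).
if [ "$#" -eq 3 ]; then
    pull_backup "$@"
fi
```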