Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
network_backup [2018/12/10 03:27] henri [Network Backup Related Links] |
network_backup [2020/08/20 23:44] (current) henri [LBackup SSH Wrapper] |
||
---|---|---|---|
Line 5: | Line 5: | ||
* Quick overview of network backups : [[screencasts|LBackup screencasts page]]. | * Quick overview of network backups : [[screencasts|LBackup screencasts page]]. | ||
* Different network backup strategies : [[Network Backup Strategies|Push and Pull Network Backup Strategies page]]. | * Different network backup strategies : [[Network Backup Strategies|Push and Pull Network Backup Strategies page]]. | ||
- | * Why LBackup uses openSSH for network backups : [[http://www.openssh.com/faq.html#1.2|Why SSH?]] | + | * Why LBackup uses openSSH for network backups : [[http://www.openssh.com/features.html|Why SSH?]] |
- | + | ||
- | + | ||
- | //OpenSSH is a suite of tools to help secure your network connections. Here is a list of features: | + | |
- | + | ||
- | Strong authentication. Closes several security holes (e.g., IP, routing, and DNS spoofing). | + | |
- | Improved privacy. All communications are automatically and transparently encrypted. | + | |
- | Secure X11 sessions. The program automatically sets DISPLAY on the server machine, and forwards any X11 connections over the secure channel. | + | |
- | Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions (e.g., for e-cash transactions). | + | |
- | No retraining needed for normal users. | + | |
- | Never trusts the network. Minimal trust on the remote side of the connection. Minimal trust on domain name servers. Pure RSA authentication never trusts anything but the private key. | + | |
- | Client RSA-authenticates the server machine in the beginning of every connection to prevent trojan horses (by routing or DNS spoofing) and man-in-the-middle attacks, and the server RSA-authenticates the client machine before accepting .rhosts or /etc/hosts.equiv authentication (to prevent DNS, routing, or IP-spoofing). | + | |
- | Host authentication key distribution can be centrally by the administration, automatically when the first connection is made to a machine. | + | |
- | Any user can create any number of user authentication RSA keys for his/her own use. | + | |
- | The server program has its own server RSA key which is automatically regenerated every hour. | + | |
- | An authentication agent, running in the user's laptop or local workstation, can be used to hold the user's RSA authentication keys. | + | |
- | The software can be installed and used (with restricted functionality) even without root privileges. | + | |
- | The client is customizable in system-wide and per-user configuration files. | + | |
- | Optional compression of all data with gzip (including forwarded X11 and TCP/IP port data), which may result in significant speedups on slow connections. | + | |
- | Complete replacement for rlogin, rsh, and rcp.// | + | |
* [[network_backup #ssh_agent_for_unattended_network_backup|SSH agent information for unattended network backups]]. | * [[network_backup #ssh_agent_for_unattended_network_backup|SSH agent information for unattended network backups]]. | ||
* [[http://mah.everybody.org/docs/ssh|What is an SSH agent?]] | * [[http://mah.everybody.org/docs/ssh|What is an SSH agent?]] | ||
* [[http://www.symantec.com/connect/articles/ssh-and-ssh-agent|SSH agent usage]]. | * [[http://www.symantec.com/connect/articles/ssh-and-ssh-agent|SSH agent usage]]. | ||
\\ | \\ | ||
- | |||
===== Mac OS X Hard Links ===== | ===== Mac OS X Hard Links ===== | ||
LBackup relies upon [[http://en.wikipedia.org/wiki/Hard_link|hard links]] to reduce disk usage. | LBackup relies upon [[http://en.wikipedia.org/wiki/Hard_link|hard links]] to reduce disk usage. | ||
Line 262: | Line 241: | ||
# Step (5) : copy the example file into the recently created /etc/ssh_wrappers directory | # Step (5) : copy the example file into the recently created /etc/ssh_wrappers directory | ||
- | sudo cp /lbackup/example_backup_config/resources/ssh-wrappers/lbackup-wrapper.sh ./ | + | sudo cp /etc/lbackup/example_backup_config/resources/ssh-wrappers/lbackup-wrapper.sh ./ |
# Step (6) : ensure that root is the owner of this file | # Step (6) : ensure that root is the owner of this file |