UsingAnAlternateKey

From RdiffBackupWiki

Or, how to implement an UnattendedRdiff without messing up your root-account-login.

I work often criss-cross over my network. Once I was logged in on the backup-server and I tried to login as root on another server, but what I got was some garble of the rdiff-server. This rather annoyed me, because what happened isn't expected behaviour. (Although a fellow admin mentioned it to me earlier.)

If you login as root you expect a shell and nothing more. So after some man-reading and hacking I came up with a solution: using an alternate key-pair.

Here is how to do it (you can ofcourse replace user with another user):

Create on the pulling backup-host a ssh-key-pair::

ssh-keygen -t dsa -f <whatever>

(Don't supply a passphrase)

This creates a key-pair with name <whatever>.

Copy the public-key to the host(s) you plan to back-up:

scp <whatever>.pub root@<ahost>:/root

Login as root on <ahost>::

ssh root@<ahost>

Add the public key to /root/.ssh/authorized_keys::

echo 'command="rdiff-backup --server",no-pty ' `cat <whatever>.pub` >> ~/.ssh/authorized_keys

(you can add any option you like to rdiff-backup)

Restart sshd::

distribution specific, usually an init.d script

Now on your backup host you can pull the files in with::

rdiff-backup --remote-schema 'ssh -i <whatever> %s rdiff-backup --server' <ahost>::/<data-dir> ::/<backup-dir>