[OpenIndiana-discuss] How to manage a send over ssh

Timothy Coalson tsc5yc at mst.edu
Thu Mar 23 21:56:17 UTC 2017


I did this a different way a while ago to set up a backup script (probably
the old way you mention) - I made a new user solely for the purpose of
receiving (rather than enabling root login), and assigned the "ZFS File
System Management" profile to it (probably with the gui tool for users, a
long time ago - /etc/user_attr does seem to be the file that controls it),
which lets you use "pfexec zfs <whatever>" to gain privileges, but not
other commands (which you don't need).  My script then does something like
this (some editing for clarity) for the actual send/receive:

zfs send -vI "$lastbackup" "$source@$backupname" | mbuffer -m 512M -q |
  ssh "$login"@"$receiveserver" "mbuffer -m 1G -q | pfexec zfs receive -vF \"$target\""

This still looks complicated because I put a buffer on both sides of the
ssh - buffering is important for speed because ssh has very little
buffering, and send/receive need buffering to work well with a throttled
pipe.  This runs close to the gigabit network speed for me, so I haven't
tried to replace ssh with a different transfer method.

The main advantage with this way is that you don't leave root ssh exposed
for people to try to break into, and the special user for receiving can't
get higher privileges for anything other than "zfs".

Tim
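
Added example (not part of the original post or of Tim's script): the receive-only account can be narrowed further by pinning its SSH key to a forced command that accepts only the remote half of the pipeline above. The install path, the ALLOWED_PREFIX value and the function names are assumptions made for illustration; command=, no-pty, no-port-forwarding and SSH_ORIGINAL_COMMAND are standard OpenSSH features.

```sh
#!/bin/sh
# Forced-command wrapper for the dedicated receive user (added example).
# Hypothetical install path, referenced from that user's authorized_keys:
#   command="/opt/backup/zfs-recv-only.sh",no-pty,no-port-forwarding <sender public key>
# ALLOWED_PREFIX is a constructed sample dataset name; set it to your backup root.
ALLOWED_PREFIX="${ALLOWED_PREFIX:-tank/backups}"

# Succeeds and prints the target only when the requested command is exactly
# the remote half of the pipeline in the post and the target is a dataset
# below ALLOWED_PREFIX. Anything else returns 1.
parse_receive_target() {
    cmd=$1
    prefix='mbuffer -m 1G -q | pfexec zfs receive -vF "'
    case $cmd in
        "$prefix"*'"') ;;
        *) return 1 ;;
    esac
    target=${cmd#"$prefix"}
    target=${target%\"}
    # Allow only plain dataset characters: this rejects quotes, spaces,
    # $, ;, |, backticks, and snapshot/bookmark separators.
    case $target in
        ''|*[!A-Za-z0-9/_.:-]*|*//*|*/) return 1 ;;
    esac
    case $target in
        "$ALLOWED_PREFIX"/?*) printf '%s\n' "$target" ;;
        *) return 1 ;;
    esac
}

run_receive() {
    target=$(parse_receive_target "$SSH_ORIGINAL_COMMAND") || {
        echo "rejected: only zfs receive below $ALLOWED_PREFIX/ is allowed" >&2
        exit 1
    }
    mbuffer -m 1G -q | pfexec zfs receive -vF "$target"
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asks for a command; do
# nothing when the variable is absent (for example when sourced for testing).
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
    run_receive
fi
```

With this in place, a stolen backup key can only write into datasets below the chosen prefix, and an interactive login with that key gets no shell.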


On Thu, Mar 23, 2017 at 3:15 PM, Harry Putnam <reader at newsguy.com> wrote:

> Thank you both for the techniques.
>
> I think it used to take a few more steps to make it possible to ssh to
> root.  Last time I did that it involved editing a pam file
> /etc/user_attr.  Maybe more but that was a good while ago.
>
> I see it's been made simpler.  Or maybe I was all wet back then too.