Sorry for the late reply. I've been painting our house & getting it ready to sell/move. Thanks for this help here.
I got remote rdiff-backup working without any "permission denied" issues and without allowing root login. This was my process in case it's useful for others & in case I can make it better:
1) Made sure rdiff-backup was installed on both backup server & client/host & verified versions were the same: rdiff-backup --version
2) Created an unprivileged backup user "rdiff-bak" on client to be backed up.
3) On backup server created SSH keys at root@server
Code:
ssh-keygen -t ed25519
4) Copy the SSH .pub key to the remote client using
Code:
ssh-copy-id -i ~/.ssh/id_ed25519.pub rdiff-bak@192.168.101.7 -p 34629
5) Verified permissions at /home/rdiff-bak/.ssh/authorized_keys (/.ssh = 700), (authorized_keys = 600)
6) Verified sshd_config entries on remote client:
Code:
Port 34629
AllowUsers otheruser rdiff-bak
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
AuthenticationMethods publickey
PubkeyAuthentication yes
PermitEmptyPasswords no
7) Restarted sshd service: sudo systemctl restart sshd.service
8) Tested SSH connection (good)
9) Provided more access for the rdiff-bak user by giving limited sudo privileges by adding this at: root@server:# visudo
Code:
rdiff-bak ALL = NOPASSWD: /usr/bin/rdiff-backup --server --restrict-read-only /
10) On backup server, added host information to ~/.ssh/config to simplify the SSH command (as shared earlier)
11) Used --remote-schema to get rdiff-backup to use sudo & tested a trial backup of /etc. Perhaps I don't understand this part very much, but it worked. I had read this may be necessary in order to use sudo at the remote host?
Code:
rdiff-backup --remote-schema 'ssh -C %s "sudo /usr/bin/rdiff-backup --server --restrict-read-only /"' -v5 --exclude-special-files --include /etc --exclude '**' backup-client-251::/ /backups/Desktops/temp/
12) Created a backup script to run the desired rdiff-backup.
13) Automated it with Cron
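A way to re-check steps 5 and 6 on the client after later configuration changes, as an added example that is not part of the original post. The function names and the three script arguments are assumptions; it reads only the global section of sshd_config with whitespace-separated `Keyword value` lines, and uses GNU `stat`.

```shell
# Added example (not from the post): audit the client settings of steps 5 and 6.

# Effective global value of an sshd_config keyword: sshd keeps the first
# occurrence, keywords are case-insensitive, and Match blocks are skipped here.
sshd_value() {  # $1 = config file, $2 = keyword
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Compare against the values in step 6 and AllowUsers; returns the deviation count.
audit_sshd() {  # $1 = config file, $2 = backup user
    fails=0
    while read -r key expected; do
        actual=$(sshd_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', got '${actual:-unset}'"
            fails=$((fails + 1))
        fi
    done <<EOF
PermitRootLogin no
ChallengeResponseAuthentication no
PasswordAuthentication no
AuthenticationMethods publickey
PubkeyAuthentication yes
PermitEmptyPasswords no
EOF
    case " $(sshd_value "$1" AllowUsers) " in
        *" $2 "*) ;;
        *) echo "FAIL AllowUsers does not list $2"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Step 5: file mode check (GNU stat, as found on Linux).
check_mode() {  # $1 = path, $2 = expected octal mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || { echo "FAIL $1: missing"; return 1; }
    [ "$mode" = "$2" ] || { echo "FAIL $1: mode $mode, expected $2"; return 1; }
}

# Usage: audit.sh /etc/ssh/sshd_config rdiff-bak /home/rdiff-bak
if [ "$#" -eq 3 ]; then
    audit_sshd "$1" "$2"; rc=$?
    check_mode "$3/.ssh" 700 || rc=$((rc + 1))
    check_mode "$3/.ssh/authorized_keys" 600 || rc=$((rc + 1))
    exit "$rc"   # exit status = number of deviations, 0 when everything matches
fi
```

The script only reads the file; `sshd -T`, run as root on the client, prints the configuration sshd actually uses, including defaults.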