Originally Posted by trickykid
If you want to make it more secure, you can limit by hostname or IP for ssh keys, so it won't ask for a password but it's only going to allow that host to login with correct ssh keys.
in my sshd.conf, so users without keys will be dropped (and they really are).
I also have a firewall on my web server which accepts connections to port 22 only from my office IP.
Is there any method to link a user's key to some IP address? I.e. allow login using this key only from a given IP address?
If you want to take advantage of rsync's capabilities of only grabbing new, edited or updated files, I would suggest not tarring or gzipping them up and just run rsync from the backup machine to grab files you want backed up.
So, rsync cannot take only the updated parts of a gzipped file?
Perhaps a scenario like this would work for an incremental and full backup plan:
The only downside to this quick setup in my head would be you could only go back to the previous day if you lost a file, couldn't go back several days if someone made a bad configuration or change to a file. But you could get creative and this should give you some type of idea.
I'm currently using the following scheme:
1. Backup content is rsync'ed daily to the backup server into some folder, "latest" for example.
2. After rsync, "latest" is tarred and gzipped to a file with a name like backup-yyyymmdd.tar.gz, which is stored in some other folder like "archives".
3. And the last step should be cleanup: delete archives which are too old (two weeks ago in my case).
In my example I can restore any file at any given date inside those two weeks, and I don't need to waste bandwidth for a full backup once a week.
What do you think about my scenario?
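
The three-step scheme described in the post above (rsync into "latest", tar and gzip to a dated archive, delete archives older than two weeks), as an added shell example that is not part of the original post. The function names, paths and host are assumptions, and the refusal to prune when no recent archive exists is an addition that goes beyond the scheme as posted.

```shell
#!/bin/sh
# Added example: sync, archive, prune. Run on the backup server.
# Function names, paths and the host below are assumptions.

# Step 1: pull only new or changed files from the web server into "latest".
sync_latest() {  # usage: sync_latest user@host:/var/www/ /backup/latest
    rsync -a --delete -e ssh "$1" "$2/"
}

# Step 2: snapshot "latest" as archives/backup-yyyymmdd.tar.gz.
archive_latest() {  # usage: archive_latest /backup/latest /backup/archives
    latest=$1; archives=$2
    out="$archives/backup-$(date +%Y%m%d).tar.gz"
    mkdir -p "$archives" || return 1
    # Write under a temporary name first, so an interrupted run never
    # leaves a truncated file that looks like a valid archive.
    tar -czf "$out.tmp" -C "$latest" . || { rm -f "$out.tmp"; return 1; }
    mv "$out.tmp" "$out" && printf '%s\n' "$out"
}

# Step 3: delete archives more than keep_days days old.
# Refuses to delete anything unless a newer archive exists, so a backup
# job that has been failing silently cannot prune away every good copy.
prune_archives() {  # usage: prune_archives /backup/archives 14
    archives=$1; keep_days=$2
    fresh=$(find "$archives" -type f -name 'backup-*.tar.gz' \
                 -mtime "-$keep_days" | head -n 1)
    [ -n "$fresh" ] || return 1
    find "$archives" -type f -name 'backup-*.tar.gz' \
         -mtime "+$keep_days" -exec rm -f {} +
}

# All three steps in order; stops at the first failure.
run_backup() {  # usage: run_backup user@host:/var/www/ /backup
    sync_latest "$1" "$2/latest" &&
        archive_latest "$2/latest" "$2/archives" >/dev/null &&
        prune_archives "$2/archives" 14
}
```

Nothing runs until `run_backup` is called, for example from a daily cron job on the backup server.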