mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-25 09:19:31 +00:00
Describe performing pull-backups via ssh remote forwarding
parent
dfef2b9092
commit
4216dfd12d
1 changed files with 58 additions and 0 deletions
@ -422,3 +422,61 @@ Parentheses are not needed when using a dedicated bash process.
``kill "${SSH_AGENT_PID}"``
``kill "${SSH_AGENT_PID}"``
Kill ssh-agent with loaded keys when it is not needed anymore.
Kill ssh-agent with loaded keys when it is not needed anymore.
Remote forwarding
=================
The ssh client allows to create tunnels to forward local ports to a remote server and also to allow remote ports to
be forwarded to local ports.borg
This remote forwarding can be used to allow remote backup clients to access the backup server even if the backup server
usually cannot be reached by the backup client.
This can even be used in cases where neither the backup server can reach the backup client and the backup client cannot
reach the backup server, but some intermediate host can access both.
A schematic approach is as follows
::
Backup Server (backup@mybackup) Intermediate Machine (john@myinter) Backup Client (bob@myclient)
1. Establish SSH remote forwarding -----------> SSH listen on local port
2. Starting borg create establishes
3. SSH forwards to intermediate machine <------- SSH connection to the local port
4. Receives backup connection <------- and further on to backup server
via SSH
So for the backup client the backup is done via SSH to a local port and for the backup server there is a normal backup
performed via ssh.
In order to achieve this, the following commands can be used to create the remote port forwarding:
1. On machine `myinter`
``ssh bob@myclient -v -C -R 8022:myclient:22 -N``
This will listen for ssh-connections on port `8022` on `myclient`.
2. On machine `myclient`
``borg create -v --progress --stats ssh://backup@localhost:8022/home/backup/repos/dogado /``
Make sure to use port `8022` and `localhost` for the repository as this instructs borg on `myclient` to use the
remote forwarded ssh connection.
SSH Keys
~~~~~~~~
If you want to automate backups when using this method, the ssh `known_hosts` and `authorized_keys` need to be set up
to allow connections.
Security Considerations
~~~~~~~~~~~~~~~~~~~~~~~
Opening up SSH access this way can pose a security risk as it effectively opens remote access to your
backup server on the client even if it is located outside of your company network.
All the additional security considerations for borg should be applied, see :ref:`central-backup-server` for some additional
hints.
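
Review bot: In step 1, the forward target in ``-R 8022:myclient:22`` points back at the client's own sshd rather than at the backup server, so the ``borg create`` in step 2 with ``ssh://backup@localhost:8022/...`` would try to log in as ``backup`` on ``myclient`` instead of reaching ``backup@mybackup`` as the schematic shows. The target should presumably be ``mybackup:22``, and the sentence under the command could then say that port ``8022`` on ``myclient`` is forwarded to the backup server. Smaller points: the first paragraph ends in a stray "borg" ("local ports.borg"); the single-backtick names (`myinter`, `8022`, `known_hosts`) are interpreted text in reST and should use double backticks like the surrounding ``kill "${SSH_AGENT_PID}"``; and the Security Considerations text could state that any local user on ``myclient`` can connect to the forwarded port while the tunnel is up, so the key accepted for ``backup`` should be restricted as described in :ref:`central-backup-server`.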