verweg-zfs-backup/client/README.md

# client portion of remote zfs pool backup

* Uses hardened ssh access
* Uses a geli encrypted zvol to receive the pool
  * the geli zvol is only used on demand, the backup pool is imported but not mounted
  * _using geli also allows for having a zpool on a zvol which is normally not possible_

# ssh configuration

Add the following to your sshd configuration. The connection comes from a jail that functions as an indermediate agent

```
Match user root Address 2a10:3781:3e9:1::da7a:caf3
    AllowTcpForwarding no
    ForceCommand /root/zfs-receive.sh
    PermitRootLogin prohibit-password
    PermitTTY no
    X11Forwarding no
```
Store backup scripts 2024-03-19 11:33:12 +01:00			`# client portion of remote zfs pool backup`

			`* Uses hardened ssh access`
			`* Uses a geli encrypted zvol to receive the pool`
			`* the geli zvol is only used on demand, the backup pool is imported but not mounted`
			`* _using geli also allows for having a zpool on a zvol which is normally not possible_`

			`# ssh configuration`

			`Add the following to your sshd configuration. The connection comes from a jail that functions as an indermediate agent`

			```
			`Match user root Address 2a10:3781:3e9:1::da7a:caf3`
			`AllowTcpForwarding no`
			`ForceCommand /root/zfs-receive.sh`
			`PermitRootLogin prohibit-password`
			`PermitTTY no`
			`X11Forwarding no`
			```