ruben/verweg-zfs-backup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
verweg-zfs-backup/jail
History
Ruben van Staveren acd4ff4962
Store backup scripts
2024-03-19 11:33:12 +01:00
..
README.md
Store backup scripts
2024-03-19 11:33:12 +01:00
zfs-receive.sh
Store backup scripts
2024-03-19 11:33:12 +01:00

README.md

intermediate backup agent

  • Server "sends" the backup to the backup jail
  • The backup jail is ipv6 only, mostly empty, and uses an hardened ssh configuration
  • the receive script immediatly reconnects to the system actually receiving the backup

Setup jail sshd

Add the following to the sshd of the jail. To maximise security ssh certificates are used (but you can do without ymmv)

AcceptEnv LANG LC_*
ChallengeResponseAuthentication no
PasswordAuthentication no
PrintMotd no
RevokedKeys /etc/ssh/ssh_revoked_keys
Subsystem sftp /usr/libexec/sftp-server
TrustedUserCAKeys /etc/ssh/backup-ca.pub
UsePAM no
X11Forwarding yes
Match User root Address 2a02:898::96:1
    ForceCommand /root/zfs-receive.sh
    PermitRootLogin forced-commands-only