ruben/verweg-zfs-backup

Ruben van Staveren acd4ff4962

Store backup scripts

2024-03-19 11:33:12 +01:00

636 B

Raw Blame History

client portion of remote zfs pool backup

Uses hardened ssh access
Uses a geli encrypted zvol to receive the pool
- the geli zvol is only used on demand, the backup pool is imported but not mounted
- using geli also allows for having a zpool on a zvol which is normally not possible

ssh configuration

Add the following to your sshd configuration. The connection comes from a jail that functions as an indermediate agent

Match user root Address 2a10:3781:3e9:1::da7a:caf3
    AllowTcpForwarding no
    ForceCommand /root/zfs-receive.sh
    PermitRootLogin prohibit-password
    PermitTTY no
    X11Forwarding no