add ssh port to schedule backups

7 posts / 0 new
Last post
#1 Mon, 06/30/2008 - 01:18
rpereyra

add ssh port to schedule backups

Hi

Would be nice to have a port option with ssh server backups.

Many people use non standard port (22) for safety reasons. Thanks a lot for Virtualmin.

Roberto

Mon, 06/30/2008 - 02:38
sgrayban

Best ask this as a feature enhancement then here.

http://www.virtualmin.com/bugs/

Mon, 06/30/2008 - 03:18 (Reply to #2)
rpereyra

Hi

Done: FS#4211 - add ssh port to schedule backups

roberto

Mon, 06/30/2008 - 03:27 (Reply to #3)
ronald
ronald's picture

I did ask also for this. For the module "filesystem backup module"

Jamies answer:
"Sadly, this is not possible - the Filesystem Backup module makes use of the tar command to do the actual backup, and it doesnt have any way to SSH to a different port :-(

The only work-around is to backup to a local file, then set the "command to run after backup" to something that SCPs the file to the remote system."

To make it possible Jamie would need to rewrite the Tar command.
It is possible though for the scheduled backups off virtual servers.

Tue, 07/01/2008 - 04:08 (Reply to #4)
ronald
ronald's picture

<div class='quote'>And using a non-standard port is not particularly safer.</div>

this is true however it takes care of 99% of random attacks done by bots and script kiddies and File /var/log/secure will stay a lot cleaner and better readable
this way you can better identify a targeted attack and anticipate

Mon, 06/30/2008 - 13:14
Joe
Joe's picture

OK, so since there's lot of conflicting information in this thread I'll give a definitive answer:

Alternate ports are not possible for incremental backups over ssh, because the tar command manages the incrementals, and it only works over port 22. There's nothing we can do about this, because we don't maintain GNU tar. The workaround is mentioned in ronald's post.

And using a non-standard port is not particularly safer. A port scan will find ssh on any port (most services have quite distinctive responses and can be identified easily). Strong passwords is safer. Disallowing direct root logins is safer (or only via key).

--

Check out the forum guidelines!

Mon, 06/30/2008 - 14:46 (Reply to #6)
Joe
Joe's picture

Oh, yeah, as Jamie mentioned in the bug in the tracker, when the tar command isn't handling the ssh connection, you can append the port to the server with :port

--

Check out the forum guidelines!

Topic locked