Setting
Two servers
- dataserver: Server having different data to be backupped
- backupserver: Server hosting backup repositories
Goal
- Backup server provides single directory /path/to/basedir/
- Data server may init repos and backup files to different repos laying in basedir
- Auth via ssh keys
- repos are append-only
- Access to backupserver is constrained to usage by restic
- There should be no need to add a new SSH-key and a new line in .ssh/authorized_keys for every repo
#Approach 1
Backup Server
rclone.conf
[databackup]
type = alias
remote = /path/to/basedir
Dataserver
restic -o rclone.program="ssh backupserver rclone" -o rclone.args="serve restic --stdio --verbose --append-only" -r rclone:databackup:first_repo init
restic -o rclone.program="ssh backupserver rclone" -o rclone.args="serve restic --stdio --verbose --append-only" -r rclone:databackup:second_repo init
...
- Functional requirements fulfilled , security requirements not fulfilled since not enforced on backup server:
- Append-only can be circumvented
- SSH-Access not restricted to restic/rclone
#Approach 2
Backup Server
~/.ssh/authorized_keys
restrict,command="rclone serve restic --stdio --append-only --verbose databackup" ssh-rsa...
Data Server
restic -o rclone.program="ssh backuphost" -r rclone:first_repo init
- Does not work: “Fatal: create repository at rclone: failed: Fatal: config file already exists”
#Approach 3
Backup Server
rclone.conf
<empty>
~/.ssh/authorized_keys
restrict,command="rclone serve restic --stdio --append-only --verbose /path/to/basedir/" ssh-rsa...
Data Server
restic -o rclone.program="ssh backuphost" -r rclone:x init # "x" will be ignored
- Security requirements fulfilled, functional requirements not fulfilled
- Append-only enforced on server side
- SSH-Access constrained to restic/rclone and /path/to/basedir
- Does not allow multiple repos, /path/to/basedir will itself be initialized as repo
(This is effectively the solution provided by Append-only backups with restic and rclone)
Based on the mentioned non-perfect approaches, which approach could be used to fulfil the initially stated goal?