My dump of notes for setting up BackupPc - Most of this can be found
within the documents and FAQs on http://backuppc.sourceforge.net/

I have it working quite well able to do backups and restores via the web
interface without allowing root logins via ssh. Although (as with most
backup solutions) you do give the backup user elevated privileges when
running the backup process (rsync). I find it an acceptable solution
for end user backup and restore functionality. There is also the option
of wrapping the rsync command to only allow backup and not restore for
added security.

= Discalmer = I do have this running, but I set it up a while ago and am
just now writing the steps down. I dont think I skipped anything, but
I may have. When I get a chance, I will re-setup and make sure I didnt.

Main BackupPc Box:

(iirc) BackupPc user was created by apt, need to create an ssh key.

[flav@backupserver ~]$ sudo su - backuppc -s /bin/bash -c "ssh-keygen -t rsa"
Password: <my passowrd for sudo access>
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa):
Created directory '/var/lib/backuppc/.ssh'.
Enter passphrase (empty for no passphrase): <return>
Enter same passphrase again: <return>
Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa.
Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub.
The key fingerprint is:
90:db:e9:d3:a6:03:16:88:e1:7c:53:e7:de:bb:cf:35 backuppc@backupserver
[flav@backupserver ~]$ sudo su - backuppc -c "cat .ssh/id_rsa.pub"
ssh-rsa AAAAB3NzaC1yc2Yiw...eYiw8MFVO1RH+igSk= backuppc@backupserver
[flav@backupserver ~]$ _

/etc/backuppc/hosts

host_to_backup   0       backuppc

/etc/backuppc/host_to_backup.pl

# How many days until a full is done:
$Conf{FullPeriod} = 6.97; # Every week

# How many Fulls to keep:
# This should be last two weeks and last two months.
$Conf{FullKeepCnt} = [2,0,2];
$Conf{FullKeepCntMin} = 2;

#How many days until an incremental is done:
$Conf{IncrPeriod} = 0.97; # every day
$Conf{IncrKeepCnt} = 6;

$Conf{BackupFilesOnly} = [  '/etc'
                            , '/var/lib/mysql'
                            , '/home'
                        ];
$Conf{BackupFilesExclude} = ['/home/lost+found'];

$Conf{XferMethod} = 'rsync';

$Conf{RsyncClientCmd}        = '$sshPath  -q -x -l backuppc $host nice -n 19 sudo $rsyncPath $argList+';
$Conf{RsyncClientRestoreCmd} = '$sshPath  -q -x -l backuppc $host nice -n 19 sudo $rsyncPath $argList+';

---

On host_to_backup:

[flav@host_to_backup ~]$ sudo adduser backuppc
Password: <my passowrd for sudo access>
Adding user `backuppc'...
Adding new group `backuppc' (1003).
Adding new user `backuppc' (1003) with group `backuppc'.
Creating home directory `/home/backuppc'.
Copying files from `/etc/skel'
Enter new UNIX password: <some really long impossible to guess password>
Retype new UNIX password: <some really long impossible to guess password>
passwd: password updated successfully
Changing the user information for backuppc
Enter the new value, or press ENTER for the default
        Full Name []: Backup User
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [y/N] y
[flav@host_to_backup ~]$ sudo su - backuppc
[backuppc@host_to_backup ~]$ mkdir .ssh; chmod 700 .ssh
[backuppc@host_to_backup ~]$ vi .ssh/authorized_keys
Insert text from id_rsa.pub above:
 "from="backup.host.lan",no-pty,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2Yiw...eYiw8MFVO1RH+igSk= backuppc@backupserver"
[backuppc@host_to_backup ~]$ chmod 600 .ssh/authorized_keys
[backuppc@host_to_backup ~]$ [ctrl-d]
[flav@host_to_backup ~]$ sudo passwd -l backuppc # to invalidate the password - key access only!
[flav@host_to_backup ~]$ _

/etc/sudoers

backuppc ALL = NOPASSWD: /usr/bin/rsync

*Note: This could be a wrapper script for even more security, at the cost of
not being able to do in place restores via the web interface. See the
BackupPc FAQ.

---

One last step is to verify and accept the fingerprint of host_to_backup.

[flav@backupserver ~]$ sudo su - backuppc -s /bin/bash -c "ssh host_to_backup"
Password: <my passowrd for sudo access>
The authenticity of host 'host_to_backup (111.22.33.4)' can't be established.
RSA key fingerprint is de:ad:00:de:fa:ce:d0:beef0:de:ad:00:be:ef:00:00.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'host_to_backup,111.22.33.4' (RSA) to the list of known hosts.
Linux host_to_backup 2.6.11-1-686 #1 Mon Apr 25 02:31:41 UTC 2005 i686 GNU/Linux
[flav@host_to_backup ~]$ [ctrl-d]
Connection to host_to_backup closed.
[flav@backupserver ~]$ _