Koozali.org: home of the SME Server

Solved! BackupPC- 4.4 Changing ssh port

Offline michelandre

  • *
  • 261
  • +0/-0
Re: Solved! BackupPC- 4.4 Changing ssh port
« Reply #15 on: May 06, 2018, 03:50:33 AM »
Hi all,

Very good news,

The problem of "timed out" does not come from SSH at all but from BackupPC.

It is BackupPC that closes the connection because it does not receive an answer to "Are you alive?". BackupPC is too fast asking, and the remote server is busy doing the previous request or "in pause" because of the "sleep". I would point the finger at the too low settings of ServerAliveInterval and ServerAliveCountMax of BackupPC itself...

I found the trouble when I put the "sleep" outside the server command after reversing the order of pre-backup and AutoBlock which make more sense. In doing so, it was BackuPC which was taking the "pause" and the remote server had plenty of time to complete the previous command long before BackupPC asked for "Are you alive?" When asked by BackupPC, he could respond immediately.

It was always working with localserver-template because BackupPC knows it is local and maybe it is not asking the "Are you alive?" IANAP but...

Poor SSH, I have to apologize for doubting him.

Michel-André

Might help someone...
pre-backup script called by:  /var/lib/BackupPC/script/pre-sauvegarde.sh $host

Code: [Select]
#!/bin/sh

#-------------------------------------------
# /var/lib/BackupPC/script/pre-sauvegarde.sh
#
# Michel-André, 2018-05-05_20h24
#-------------------------------------------

# Désactivation d'AutoBlock
/usr/bin/ssh -l root $1 "config setprop sshd AutoBlock disabled;        \
                         /sbin/e-smith/signal-event remoteaccess-update"
 
# Pause de BackupPC
/bin/sleep 45

# Le test ci-dessous va écrire le statut de la propriété AutoBlock dans le journal.
# Output from DumpPreUserCmd:     AutoBlock=disabled
# ou
# Output from DumpPreUserCmd:     AutoBlock=enabled

if  ( ! (/usr/bin/ssh -l root $1 config show sshd | grep  'AutoBlock=disabled') )
    then
        /bin/mail -s "AutoBlock=disabled NON FONCTIONNEL, arrêt des sauvegardes de la machine $1 pour 24 heures" admin@micronator-101.org < /dev/null

#    Arrêt de la sauvegarde en cours et désactivation des sauvegardes de cette machine
#    pour 24 heures.
#
#    Référence:
#    https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg10075.html
#    Stop/delay backups
#        BackupPC_serverMesg stop HOST REQ_USER BACKOFF
#    HOST is the host to cancel, REQ_USER is the requesting user (just for
#    log purposes) and BACKOFF is the backoff time in hours.

    /usr/share/BackupPC/bin/BackupPC_serverMesg stop $1 backuppc 24
fi

# pre-backup
/usr/bin/ssh -l root $1 "/sbin/e-smith/signal-event pre-backup"

# Pause de BackupPC
/bin/sleep 15

post-backup script called by: /var/lib/BackupPC/script/post-sauvegarde.sh $host
Code: [Select]
#!/bin/sh

#--------------------------------------------
# /var/lib/BackupPC/script/post-sauvegarde.sh
#
# Michel-André, 2018-05-05_20h24
#--------------------------------------------

# Commande post-backup
/usr/bin/ssh -l root $1 "/sbin/e-smith/signal-event post-backup"

# Pause de BackupPC
/bin/sleep 15

# Activation d'AutoBlock
/usr/bin/ssh -l root $1 "config setprop sshd AutoBlock enabled;         \
                         /sbin/e-smith/signal-event remoteaccess-update"

# Pause de BackupPC
/bin/sleep 45

# Le test ci-desous va écrire le statut de AutoBlock dans le journal.
# Output from DumpPreUserCmd:     AutoBlock=disabled
# ou
# Output from DumpPreUserCmd:     AutoBlock=enabled

if  ( ! (/usr/bin/ssh -l root $1 config show sshd | grep  'AutoBlock=enabled') )
    then
        /bin/mail -s "AutoBlock=ensabled NON FONCTIONNEL. Vérifiez le paramètre s.v.p." admin@micronator-101.org < /dev/null
fi

Offline michelandre

  • *
  • 261
  • +0/-0
Re: Solved! BackupPC- 4.4 Changing ssh port
« Reply #16 on: May 08, 2018, 04:56:33 AM »
Hi all,

Googling: sshd AutoBlockTries and the first link is: https://wiki.contribs.org/AutoBlock.

The real party pooper is AutoBlockTries=4 counting the accesses only on the External LAN but not on the LOCAL LAN.


Default values
Code: [Select]
AutoBlockTime=900           # 900 seconds  (15 minutes).
AutoBlockTries=4            # meaning that 3 Tries are allowed, the fourth trie is blocked.
AutoBlock=disabled          # default for SME Server 8
AutoBlock=enabled           # default for SME Server 9
Quote
By design only IP outside your local network will be blocked if too many attempts are done.

Quote
Configuring SSH access as public will result in lots of script based login attempts which consume bandwidth,
Quote
It is set to reject connections

I think that login attempts and connections are two different things... a person with a crow bar and a person with a wrapped gift wanting to enter into your birthday party should not be given the same welcome...

Michel-André
« Last Edit: May 08, 2018, 05:03:22 AM by michelandre »

Offline michelandre

  • *
  • 261
  • +0/-0
Re: Solved! BackupPC- 4.4 Changing ssh port
« Reply #17 on: May 12, 2018, 09:17:42 PM »
Hi all,

I made a big mistake in thinking that a complete restoration using BackupPC could be done without having to install, on the destination server, the same contribs as in the source.

My error comes from the fact that I was restoring a backup of a source server without any contribs.

A destination server, for a complete restoration using BackupPC, must have the same installed Contribs as the source before the restoration.

My sincere apologies for this wrong assumption,

Michel-André

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: Solved! BackupPC- 4.4 Changing ssh port
« Reply #18 on: May 12, 2018, 10:02:39 PM »
michelandre

Quote
A destination server, for a complete restoration using BackupPC, must have the same installed Contribs as the source before the restoration.

Perhaps your english grammar is misleading me, but .......

See
https://wiki.contribs.org/Backup_server_config#Backup_and_Restore_concepts.2C_issues_and_other_information

Standard backup & restore procedures advise that a Restore is only done to a clean (fresh) install of the operating system and that Contribs are installed AFTER  the Restore has ben done (not before the Restore).
Also any installed Contribs should be versions that are compatible with a newer OS (when a newer OS has been installed).

AFAIK this is still the case with BackupPC.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Solved! BackupPC- 4.4 Changing ssh port
« Reply #19 on: May 12, 2018, 10:56:42 PM »

AFAIK this is still the case with BackupPC.

not if you restore the full disk, as backuppc or a rsync manual backup could do.

However, this should be avoided when upgrading from one major version to another, as it might overwrite important system files with an older version leading to an unstable behavior.

Offline michelandre

  • *
  • 261
  • +0/-0
Re: Solved! BackupPC- 4.4 Changing ssh port
« Reply #20 on: May 13, 2018, 02:52:27 AM »
Hi Jean-Philippe,

You give hope, I will try again,

Michel-André

Offline michelandre

  • *
  • 261
  • +0/-0
Re: Solved! BackupPC- 4.4 Changing ssh port
« Reply #21 on: May 18, 2018, 02:40:20 AM »
Hi all,

Thank you one more time Jean-Philippe.

The command for the restauration of backup #2 of server Source/192.168.1.152 to a fresh installation/fully updated (no Contribs) remote server Destination/192.168.1.102 from a SSH session at the BackupPC server is:
Code: [Select]
ssh -p 2222 root@192.168.1.102 "cd / && /bin/tar -xvv;                               \
                                /sbin/e-smith/signal-event post-upgrade;             \
                                /sbin/e-smith/signal-event reboot" < source-152-2.tar
...
...
...
-rw-r--r-- root/root                   172 2007-08-28 10:54 ./var/www/icons/small/unknown.png
-rw-r--r-- root/root                   125 2004-11-20 20:16 ./var/www/icons/small/uu.gif
-rw-r--r-- root/root                   166 2007-08-28 10:54 ./var/www/icons/small/uu.png

- The remote server Destination received and executed the post-backup and rebooted, and from then on, was acting exactly as a clone of the server Source.
- All Contribs were restored and the 3 web sites are functionning properly.

For those interested in the complete French documentation:
https://www.micronator.org/affaires/PDF/RF-232/2018-05-17_19h40_Forum-SME/RF-232_BackupPC_2018-05-17_19h31.pdf
https://www.micronator.org/affaires/PDF/RF-232/2018-05-17_19h40_Forum-SME/RF-232_BackupPC_2018-05-17_19h31_SHA-1.txt

Michel-André