Home Explore Help
Sign In
mirrors
/
borg
mirror of https://github.com/borgbackup/borg
2
0
Fork 0
Files Issues 0 Wiki
Tree: f9d2e6827b
Branches Tags
borg
/
docs
/
usage
/
serve.rst

serve.rst 4.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. .. include:: serve.rst.inc
    2. 

  2. 

  3. Examples
    4. 

  4. ~~~~~~~~
    5. 

  5. 

  6. ``borg serve`` has special support for ssh forced commands (see ``authorized_keys``
    7. 

  7. example below): if the environment variable SSH_ORIGINAL_COMMAND is set it will
    8. 

  8. ignore some options given on the command line and use the values from the
    9. 

  9. variable instead. This only applies to a carefully controlled allowlist of safe
    10. 

  10. options. This list currently contains:
    11. 

  11. 

  12. - Options that control the log level and debug topics printed
    13. 

  13.   such as ``--verbose``, ``--info``, ``--debug``, ``--debug-topic``, etc.
    14. 

  14. - ``--lock-wait`` to allow the client to control how long to wait before
    15. 

  15.   giving up and aborting the operation when another process is holding a lock.
    16. 

  16. 

  17. Environment variables (such as BORG_XXX) contained in the original
    18. 

  18. command sent by the client are *not* interpreted, but ignored. If BORG_XXX environment
    19. 

  19. variables should be set on the ``borg serve`` side, then these must be set in system-specific
    20. 

  20. locations like ``/etc/environment`` or in the forced command itself (example below).
    21. 

  21. 

  22. ::
    23. 

  23. 

  24.     # Allow an SSH keypair to run only borg, and only have access to /path/to/repo.
    25. 

  25.     # Use key options to disable unneeded and potentially dangerous SSH functionality.
    26. 

  26.     # This will help to secure an automated remote backup system.
    27. 

  27.     $ cat ~/.ssh/authorized_keys
    28. 

  28.     command="borg serve --restrict-to-path /path/to/repo",restrict ssh-rsa AAAAB3[...]
    29. 

  29. 

  30.     # Set a BORG_XXX environment variable on the "borg serve" side
    31. 

  31.     $ cat ~/.ssh/authorized_keys
    32. 

  32.     command="export BORG_XXX=value; borg serve [...]",restrict ssh-rsa [...]
    33. 

  33. 

  34. .. note::
    35. 

  35.     The examples above use the ``restrict`` directive. This does automatically
    36. 

  36.     block potential dangerous ssh features, even when they are added in a future
    37. 

  37.     update. Thus, this option should be preferred.
    38. 

  38.     
    39. 

  39.     If you're using openssh-server < 7.2, however, you have to specify explicitly
    40. 

  40.     the ssh features to restrict and cannot simply use the restrict option as it
    41. 

  41.     has been introduced in v7.2. We recommend to use
    42. 

  42.     ``no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc``
    43. 

  43.     in this case.
    44. 

  44. 

  45. Details about sshd usage: `sshd(8) <https://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8>`_
    46. 

  46. 

  47. SSH Configuration
    48. 

  48. ~~~~~~~~~~~~~~~~~
    49. 

  49. ``borg serve``'s pipes (``stdin``/``stdout``/``stderr``) are connected to the ``sshd`` process on the server side. In the event that the SSH connection between ``borg serve`` and the client is disconnected or stuck abnormally (for example, due to a network outage), it can take a long time for ``sshd`` to notice the client is disconnected. In the meantime, ``sshd`` continues running, and as a result so does the ``borg serve`` process holding the lock on the repository. This can cause subsequent ``borg`` operations on the remote repository to fail with the error: ``Failed to create/acquire the lock``.
    50. 

  50. 

  51. In order to avoid this, it is recommended to perform the following additional SSH configuration:
    52. 

  52. 

  53. Either in the client side's ``~/.ssh/config`` file, or in the client's ``/etc/ssh/ssh_config`` file:
    54. 

  54. ::
    55. 

  55. 

  56.     Host backupserver
    57. 

  57.             ServerAliveInterval 10
    58. 

  58.             ServerAliveCountMax 30
    59. 

  59. 

  60. Replacing ``backupserver`` with the hostname, FQDN or IP address of the borg server.
    61. 

  61. 

  62. This will cause the client to send a keepalive to the server every 10 seconds. If 30 consecutive keepalives are sent without a response (a time of 300 seconds), the ssh client process will be terminated, causing the borg process to terminate gracefully.
    63. 

  63. 

  64. On the server side's ``sshd`` configuration file (typically ``/etc/ssh/sshd_config``):
    65. 

  65. ::
    66. 

  66. 

  67.     ClientAliveInterval 10
    68. 

  68.     ClientAliveCountMax 30
    69. 

  69. 

  70. This will cause the server to send a keep alive to the client every 10 seconds. If 30 consecutive keepalives are sent without a response (a time of 300 seconds), the server's sshd process will be terminated, causing the ``borg serve`` process to terminate gracefully and release the lock on the repository.
    71. 

  71. 

  72. If you then run borg commands with ``--lock-wait 600``, this gives sufficient time for the borg serve processes to terminate after the SSH connection is torn down after the 300 second wait for the keepalives to fail.
    73. 

  73. 

  74. You may, of course, modify the timeout values demonstrated above to values that suit your environment and use case.
    75.