After it takes a little time I've managed to install and configure my multiple OpenWrt Devices as expected from my side.
That also contains a weekly file-level Backup of the configuration using the sysupgrade option, which is triggered from my Backup Server via a Script using ssh and key-based authentication between the Server and the OpenWrt Devices.
The Script on the Backup Server contains the following commands:
#!/bin/bash DATE=`date +%Y-%m-%d` TIME=`date +%H-%M` DESDIR=/mounted/samba/share/for/Backup/on/remote/server/ # Destination Path of backup file. # Create directories # --------------- mkdir -p $DESDIR # Run Backup # --------------- echo "Start Backup at "`date +%H:%M` echo "--------------------------" ssh -i .ssh/Backup_BCKPSRV -p 112 firstname.lastname@example.org "umask go=; sysupgrade -k -b /tmp/Backup_GATEWAY_$(date +%F).tar.gz" scp -r -P 112 -i .ssh/Backup_BCKPSRV email@example.com:/tmp/Backup* $DESDIR ssh -i .ssh/Backup_BCKPSRV -p 112 firstname.lastname@example.org "rm /tmp/Backup_GATEWAY*.tar.gz" wait echo "--------------------------" echo "Backup finished at "`date +%H:%M` echo "==============================="
As you can see, the given Script is very simple and works fine. As I'm a bit paranoid about IT-Security, I was wondering, if those commands can also be used in an non-root-user-context on the OpenWrt devices, so that I didn't need to gain full root access from Backup Server to Backup the files.
Can anyone give me an advice how to do that?
Please note: I'd only want to use ssh for that - I know, there are several other ways to do that (mount a samba share, rsync, etc.) but i want to keep the OpenWrt setup small and, due to my aforementioned paranoidness about IT-Security, also keep it less vulnerable to attacks from inside and outside.
I've also tried the ForceCommand option via the authorized_keys file, but that is also not the right way for me as I have to write a script on the OpenWrt device, which is executing the commands and transfers the Backup File to the Backup Server, where also have a few commands to be running, triggered from the Script, to move the Backup to the right Destination.
I hope I was able to present my concern clearly enough