Hi there!
After a little time, I've managed to install and configure my multiple OpenWrt devices as expected from my side.
That also contains a weekly file-level Backup of the configuration using the sysupgrade option, which is triggered from my Backup Server via a Script using ssh and key-based authentication between the Server and the OpenWrt Devices.
The Script on the Backup Server contains the following commands:
#!/bin/bash
DATE=$(date +%Y-%m-%d)
TIME=$(date +%H-%M)
DESDIR=/mounted/samba/share/for/Backup/on/remote/server/ # Destination Path of backup file.
# Create directories
# ---------------
mkdir -p "$DESDIR"
# Run Backup
# ---------------
echo "Start Backup at $(date +%H:%M)"
echo "--------------------------"
# Create the archive on the device (the date is expanded locally, on the Backup Server)
ssh -i .ssh/Backup_BCKPSRV -p 112 root@192.168.1.1 "umask go=; sysupgrade -k -b /tmp/Backup_GATEWAY_$(date +%F).tar.gz"
# Fetch the archive, then remove it from the device
scp -r -P 112 -i .ssh/Backup_BCKPSRV root@192.168.1.1:/tmp/Backup* "$DESDIR"
ssh -i .ssh/Backup_BCKPSRV -p 112 root@192.168.1.1 "rm /tmp/Backup_GATEWAY*.tar.gz"
wait
echo "--------------------------"
echo "Backup finished at $(date +%H:%M)"
echo "==============================="
As you can see, the given Script is very simple and works fine. As I'm a bit paranoid about IT-Security, I was wondering if those commands can also be used in a non-root user context on the OpenWrt devices, so that I don't need to gain full root access from the Backup Server to back up the files.
Can anyone give me advice on how to do that?
Please note: I'd only want to use ssh for that - I know there are several other ways to do that (mount a samba share, rsync, etc.), but I want to keep the OpenWrt setup small and, due to my aforementioned paranoia about IT-Security, also keep it less vulnerable to attacks from inside and outside.
I've also tried the ForceCommand option via the authorized_keys file, but that is also not the right way for me, as I have to write a script on the OpenWrt device which executes the commands and transfers the Backup File to the Backup Server, where there are also a few commands to be run, triggered from the Script, to move the Backup to the right Destination.
I hope I was able to present my concern clearly enough.
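A forced command does not have to push the file itself. The following is an added example, not part of the original post: a gate script on the device that lets the backup key do one thing only, stream the archive to stdout, so the server-side script keeps its own post-processing. The file name backup-gate.sh, its path, the request word `backup` and the key comment are hypothetical, and it assumes this sysupgrade build accepts `-` as the archive name to write to stdout.

```shell
#!/bin/sh
# Added example, not from the original post. File name and path are hypothetical.
#
# Assumed authorized_keys entry on the OpenWrt device (key material is a placeholder):
#   command="/usr/local/sbin/backup-gate.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> backup@bckpsrv
#
# The Backup Server then replaces its ssh/scp/ssh sequence with one call:
#   ssh -i .ssh/Backup_BCKPSRV -p 112 root@192.168.1.1 backup > "$DESDIR/Backup_GATEWAY_$(date +%F).tar.gz"

# Overridable so the gate can be exercised off-device.
# Assumption: "-b -" makes sysupgrade write the archive to stdout.
: "${BACKUP_CMD:=sysupgrade -k -b -}"

backup_gate() {
    # $1 is the command string the client asked for (SSH_ORIGINAL_COMMAND).
    # It is only compared against a fixed word and never evaluated.
    case "$1" in
        backup)
            # The single permitted action: stream the config archive to stdout.
            $BACKUP_CMD
            ;;
        *)
            echo "refused: this key may only request 'backup'" >&2
            return 1
            ;;
    esac
}

# Act only when installed under the (hypothetical) forced-command name,
# so the file can also be sourced for testing without side effects.
case "$0" in
    *backup-gate.sh)
        backup_gate "${SSH_ORIGINAL_COMMAND:-}"
        ;;
esac
```

The session still runs as root on the device, but a stolen copy of the key can only trigger the backup; no archive is left behind in /tmp because nothing is written to disk on the router.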