Last updated on Monday 28th of February 2022 08:52:48 PM

©XSIBackup Classic

How to link servers by SSL key pair

 Please note that this post is relative to old deprecated software ©XSIBackup-Classic. Some facts herein contained may still be applicable to more recent versions though.

For new instalations please use new ©XSIBackup which is far more advanced than ©XSIBackup-Classic.

Up until version 4.5.0 ©XSIBackup would use the ©ESXi server's key pair to link to a secondary ©ESXi box. This was not the best way to accomplish this as the ©ESXi server changes it's key on every reboot thus breaking up the trust relationship, so you had to manually issue the command

--link-srv=[Remote ©ESXi IP]

after every reboot. Since version 4.5.0 ©XSIBackup uses its own key pair stored in the same directory where ©XSIBackup is installed, so this key pair is preserved accross reboots and allows also persistence of the trust relationships stablished by means of the SSL key pair.

What do I have to do to upgrade if I have an older version of ©XSIBackup into production?
Well, it's very easy, simply overwrite xsibackup file and relink to the secondary server by issuing

--link-srv=[Remote ©ESXi IP]

This will generate a new key pair into XSIBackup installation directory and use it as ©XSIBackup's key pair instead of using the ©ESXi server's (that will change on every reboot).

Any other thing that I should change?

If you didn't change ©XSIBackup's install dir all other functionalities will keep on working the same.

NEW FILES:

These are the new files that will show up in ©XSIBackup's install dir after linking to a secondary ©ESXi server for the first time.

-rw------- 1 root root 668 Aug 13 10:41 xsibackup_id_dsa
-rw-r--r-- 1 root root 604 Aug 13 10:41 xsibackup_id_dsa.pub


The .pub key will be copied to the /etc/ssh/keys-root/authorized_keys file on every linked server, thus allowing transparent secure commutication between the two servers. This publick key will be invoked by ©XSIBackup on every Rsync over TCP/IP backup operation and tunnel data through SSH.

UPDATE (2016-04-18):

Since version 5.0.0 ©XSIBackup will change from a DSA key pair to RSA. Thus you will need to relink your servers. This has been imposed by a change in VMWare ©ESXi 6.0.0 update 2, which does not allow to use DSA keys any more.