Backup onto a remote computer

Ok, so you have backups on your local harddrive, for example via Snapshots using rsync and hardlinks or Backup using tar. But wouldn't it be nice to now store some of these also on a different computer. After googling a bit, this is how I copy files to the remote computer:

You need to:

  • be able to setup a new user
  • be able to edit sshd_config

On the remote computer

Most setup is done on the remote computer. First we add a new user, say we call him "backupuser". We then create a ssh-key so that we can log in without a password for this user.

 su backupuser

 ssh-keygen

The idea is that we copy the public key to our computer and can then log in automatically and do a rsync backup via a cron script. The situation that a user can login without a password is not ideal, so we want to restrict what the user can do. For this we create the following script and call it "validate-rsync":

#!/bin/sh

case "$SSH_ORIGINAL_COMMAND" in
*\&*)
echo "Rejected"
;;
*\(*)
echo "Rejected"
;;
*\{*)
echo "Rejected"
;;
*\;*)
echo "Rejected"
;;
*\<*)
echo "Rejected"
;;
*\`*)
echo "Rejected"
;;
*backupuser@server:/backup)
echo "Rejected"
;;
rsync\ --server*)
echo $SSH_ORIGINAL_COMMAND >> ~/rsync.log
$SSH_ORIGINAL_COMMAND
;;
*)
echo "Rejected"
;;
esac

This should allow only "rsync --server" to be executed which makes things a lot saver. Now we have to force this script to be executed whenever a user logs in. We do this by adding the following to the sshd config file:

match User backupuser
  ForceCommand /home/backupuser/bin/validate-rsync
  X11Forwarding no
  AllowTcpForwarding no

On the client

copy the ssh-pub-key to location A and then create a script similar to this one:

#!/bin/bash

# paths and progs I use
DEST=backupuser@server:/backup/
ORIG=/backup/local/weekly.0
RSYNC=/usr/bin/rsync

#don't use anything else
unset PATH

# delete oldest snapshot
$RSYNC -avz --delete-after -e "ssh -i /path/to/keyfile" $ORIG $DEST

this will upload the backup on server

to rotate the backups use the following via cron:

#!/bin/bash

# paths and progs I use
DEST=/backup/
RM=/bin/rm
MV=/bin/mv
CP=/bin/cp
TOUCH=/usr/bin/touch

#don't use anything else
unset PATH

# delete oldest snapshot
if [ -d $DEST/weekly.3 ] ; then          \
$RM -rf $DEST/weekly.3 ;         \
fi ;

# rotate other snapshots
if [ -d $DEST/weekly.2 ] ; then          \
$MV $DEST/weekly.2 $DEST/weekly.3 ;       \
fi;

if [ -d $DEST/weekly.1 ] ; then          \
$MV $DEST/weekly.1 $DEST/weekly.2 ;       \
fi;

if [ -d $DEST/weekly.0 ] ; then          \
$CP -al $DEST/weekly.0 $DEST/weekly.1 ;       \
fi;