Clayton's Tech Bits

Home

Contact

Resumé / C.V.

Links

Search this site:
Custom Search

Categories:

/ (224)
  Admin/ (86)
    Apache/ (7)
      HTTPS-SSL/ (4)
    Cherokee/ (1)
    LAN/ (4)
    LVM/ (3)
    Monitoring/ (2)
      munin/ (2)
    OpenVPN/ (1)
    SSH-Proxy/ (3)
    SSH-SSL/ (6)
    backups/ (16)
      SpiderOak/ (1)
      backuppc/ (5)
      dirvish/ (1)
      misc/ (6)
      rdiff-backup/ (1)
      rsync/ (1)
      unison/ (1)
    commandLine/ (11)
    crontab/ (1)
    databases/ (8)
      MSSQL/ (2)
      MySQL/ (5)
      PostgreSQL/ (1)
    dynamicDNS/ (2)
    email/ (9)
      Dovecot/ (1)
      deliverability/ (1)
      misc/ (1)
      postfix/ (6)
    iptables/ (2)
    virtualization/ (8)
      VMware/ (1)
      virtualBox/ (7)
  Coding/ (11)
    bash/ (1)
    gdb/ (1)
    git/ (2)
    php/ (4)
    python/ (3)
      Django/ (1)
  Education/ (1)
  Hosting/ (23)
    Amazon/ (14)
      EBS/ (3)
      EC2/ (11)
    Godaddy/ (2)
    NearlyFreeSpeech/ (3)
    Rackspace/ (1)
    vpslink/ (3)
  Linux/ (20)
    Awesome/ (3)
    CPUfreq/ (1)
    Chinese/ (1)
    Debian/ (5)
      WPA/ (1)
    audio/ (1)
    encryption/ (2)
    fonts/ (1)
    misc/ (4)
    router-bridge/ (2)
  SW/ (39)
    browser/ (2)
      Chrome/ (1)
      Firefox/ (1)
    business/ (25)
      Drupal/ (8)
      KnowledgeTree/ (6)
      Redmine/ (2)
      SugarCRM/ (6)
      WebERP/ (2)
      eGroupware/ (1)
    email/ (1)
    fileSharing/ (1)
      mldonkey/ (1)
    graphics/ (2)
    research/ (2)
    website/ (6)
      blog/ (6)
        blosxom/ (3)
        rss2email/ (1)
        webgen/ (1)
  Security/ (12)
    IMchat/ (1)
    circumvention/ (2)
    e-mail/ (4)
    greatFirewall/ (1)
    hacking/ (1)
    password/ (1)
    privacy/ (1)
    skype/ (1)
  Services/ (1)
    fileSharing/ (1)
  TechWriting/ (1)
  xHW/ (13)
    Lenovo/ (1)
    Motorola_A1200/ (2)
    Thinkpad_600e/ (1)
    Thinkpad_a21m/ (3)
    Thinkpad_i1300/ (1)
    Thinkpad_x24/ (1)
    USB_audio/ (1)
    scanner/ (1)
    wirelessCards/ (2)
  xLife/ (17)
    China/ (9)
      Beijing/ (5)
        OpenSource/ (3)
    Expatriation/ (1)
    Vietnam/ (7)

Archives:

  • 2012/03
  • 2012/01
  • 2011/12
  • 2011/11
  • 2011/10
  • 2011/09
  • 2011/08
  • 2011/07
  • 2011/06
  • 2011/05
  • 2011/04
  • 2011/02
  • 2010/12
  • 2010/11
  • 2010/10
  • 2010/09
  • 2010/08
  • 2010/07
  • 2010/06
  • 2010/05
  • 2010/04
  • 2010/03
  • 2010/02
  • 2010/01
  • 2009/12
  • 2009/11
  • 2009/10
  • 2009/09
  • 2009/08
  • 2009/07
  • 2009/06
  • 2009/05
  • 2009/04
  • 2009/03
  • 2009/02
  • 2009/01
  • 2008/12
  • 2008/11
  • 2008/10
  • 2008/09

    • Subscribe XML RSS Feed

    Thu, 27 May 2010

    /Admin/backups/backuppc: Using rysnc-over-SSH and BackupPC

    The goal here, of course, is to protect your login credentials and the data transferred for backup with encryption. The downside, however, is that you must give your backup server the right to SSH into the client being backed up without a password (configured thusly[1]). One must carefully consider the actual security of the backup server, and whether the degraded security of the client being backed-up is acceptable.

    Assuming passwordless authentication has been configured, test that everything is setup on both ends to do rysnc-over-SSH by running this command on the backup server:

    rsync -avz -e ssh username@client-domain.com:/path/to/testdirectory testing/
    The contents of testdirectory on the client should be copied to testing on the server. Note that one of the advantages of rysnc-over-SSH is that there *is* no other client-side configuration, other then making sure that SSH and rsync are working on that end, and installing the public key of the backup server to enable passwordless authentication.

    If that worked, go ahead and configure BackupPC. First create your /etc/backuppc/client.pl file (borrowed from [2]):

    $Conf{XferMethod} = 'rsync'; $Conf{RsyncClientPath} = '/usr/bin/rsync'; $Conf{RsyncClientCmd} = '$sshPath -q -x -l root $hostIP $rsyncPath $argList+'; $Conf{RsyncClientRestoreCmd} = '$sshPath -q -x -l root $hostIP $rsyncPath $argList+'; $Conf{RsyncShareName} = ['/etc', '/home', '/var/www'];
    Assuming your client has been added to /etc/hosts as "clienthost", one now just needs to add clienthost to /etc/backuppc/hosts thusly:
    clienthost 0 backuppc
    and restart backuppc. Now "client" should show up in BackupPC's list, and you can start the first backup.

    Should the client be using a non-standard SSH port, the easiest solution is to use an SSH alias. I have this working with the following:

    $ cat .ssh/config
    Host olmserver
    Hostname olmserver
    Port 123
    $ cat /etc/hosts | grep olmserver
    102.111.120.117 olmserver
    $ cat /etc/backuppc/hosts | grep olmserver
    olmserver 0 backuppc
    Note that there is no need to change the backuppc configuration for this to work, or in fact even to change the port of the client SSH server. All of the SSH port configuration is handled by the SSH configuration.

    [1] http://blog.langex.net/index.cgi/Admin/SSH-SSL/passwordless-ssh-authentication.html
    [2] http://www.howtoforge.com/linux_backuppc_p3

    posted at: 10:37 | path: /Admin/backups/backuppc | permanent link to this entry