Remote backup with Dirvish, rsync and ssh

Version 1.0

Thor Dreier

<thor@dreier.nu>

Friday, March 25th, 2005

In this guide i will describe how to set up a machine that automaticly takes incremental remote backup of other machines through ssh and rsync.

The newest version of this guide can be found at http://apt-get.dk/howto/backup/

Table of Contents
1. Copyright
2. Changelog
3. Introduction
4. Generel configuration of backup server
5. Server
6. SSH keys
7. Client
8. Create backup

1. Copyright

This guide is releases under GNU Generel Public Licence.

2. Changelog

v1.0, Friday, March 25th, 2005 - The guide is public available (with lot's of spelling errors, crappy english and a lot of unexplained stuff).

3. Introduction

This guide describes how to set up a machine that takes backup of other machines with Dirvish and rsync through SSH.

I will show how it's done if both the backup server and the machine that will be backed is running Debian GNU/Linux. Though it should be relative simple to use the guide on another Un*x.

In this example i presume the following:

The backup server is called "server" and has the IP address 10.0.0.5
The machine that is being backed up is called "client"

4. Generel configuration of backup server

This section is done on the server and should only be done once.

Install Dirvish, rsync and ssh on the backup server:

server:~# apt-get install dirvish ssh

/etc/dirvish/master.conf should look something like this:

bank:
        /data/backup
Runall:

expire-default: +15 days
expire-rule:
        #MIN    HR      DOM     MON     DOW     STRFTIME_FMT
        *       *       *       *       1       +3 months
        *       *       1-7     *       1       +1 year
        *       *       1-7     1,4,7,10 1
        *       10-20   *       *       *       +4 days

Create a dirctory where all backup's will be stored:

server:~# mkdir -p /data/backup
server:~# chmod 700 /data/backup

5. Server

You have to follow the rest of the guide every time you set up a new client (or a partition on a client) that need to be backed up.

This section is done on the server.

Create the directory where the backup's will be stored:

server:~# mkdir -p /data/backup/client-root/dirvish

/data/backup/client-root/dirvish/default.conf should look something like this (to backup the root partition on the client):

client: client
tree: /
index: gzip
image-default: %Y-%m-%d
xdev: 1
exclude:
        var/cache/apt/archives/*
        var/cache/man/*
        tmp/*
        var/tmp/*
rsh: /tmp/ssh

Now create a temporary ssh script to found out the correct rsync commando to be run on the client.

server:~# echo -e '#!/bin/sh\necho $@ > /tmp/rsync' > /tmp/ssh
server:~# chmod +x /tmp/ssh

Run Dirvish so we find the command:

server:~# dirvish --vault client-root --init
server:~# cat /tmp/rsync
client rsync --server --sender -vlHogDtprx --numeric-ids . /

Over on the client we need to use the content of /tmp/rsync (except the first word - the name of the client):

rsync --server --sender -vlHogDtprx --numeric-ids . /

In /data/backup/client-root/dirvish/default.conf your should change the rsh: part to something like this:

rsh: ssh -i /root/.ssh/id_rsa_dirvish_client-root client

And delete the failde backup (to found out the exact rsync command we made a backup, but it failed because the ssh script was used):

server:~# rm -rf /data/backup/client-root/2005-03-25

Remember to change the date to the current date.

6. SSH keys

This section is done on the server.

Create a SSH key that will be used to connect to the client (don't write any password, just press enter) and copy the public part to your client:

server:~# ssh-keygen -t rsa -f /root/.ssh/id_rsa_dirvish_client-root
server:~# scp /root/.ssh/id_rsa_dirvish_client-root.pub user@client:/tmp

7. Client

This section is done on the client.

Install rsync and ssh:

client:~# apt-get install rsync ssh

Copy the key we made on the server into authorized keys:

client:~# cat /tmp/id_rsa_dirvish_client-root.pub >> /root/.ssh/authorized_keys2

In the bottom of /root/.ssh/authorized_keys2 there should be af new line starting with ssh-rsa. Add the following the the beginning of that line:

command="rsync --server --sender -vlHogDtprx --numeric-ids . /",from="10.0.0.5",no-port-forwarding,no-X11-forwarding,no-agent-forwarding

Replace the rsync-command with the command we found in /tmp/rsync
Replace the IP-address with the IP-address of the backup server. This is the IP-address the client sees the server with, so if the server is behind NAT and the client is somewhere on the internet, it's the external address.

The line should now look something like this (everyting should be on one line):

command="rsync --server --sender -vlHogDtprx --numeric-ids . /",from="10.0.0.5"
,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc
2EAAAABIwAAAIEAxH1KNHrOFn1XOZzYRaCaZRqtFfwjzGYPjE5FMhF4voEetoSojXMTIyUU6EI81S+6
Z9XWPFuEZDN0x2xZzjJlcR0ur1zZ5O0ipfNE7f7hqBusH1NQfE5VmH3R+ehQ61FBztvaGuGtl0DjehX
WUFrMT7INjJu2whz9+3Vtn4Vxp4U= root@server

Now you should problaly have your ssh server set to not accept root logins. Change it so you can log in as root only with a ssh key and a predefined command.

In /etc/ssh/sshd_config set PermitRootLogin to this:

PermitRootLogin forced-commands-only

And reload the ssh server:

client:~# /etc/init.d/ssh reload

8. Create backup

This section is done on the server.

The initial backup can now be startet on the server with this command:

server:~# dirvish --vault client-root --init

This takes som time as all the data is transfered from the client to the server.

If all goes well, you now have af full backup up of the client.

Now set up Dirvish to automatic make a backup every night. In /etc/dirvish/master.conf under Runall: insert a line, so the file looks something like this:

Runall:
        klient-root     22:00