Remote backup using ssh, tar and cron

| | | |
Are you looking for a solution to backup your data to a remote location? While a solid backup solution such as Arkeia or TSM from IBM are nice from an enterprise point of view, simpler solutions are available from a home user's perspective. I will walk you through on you how you can backup your data to a remote server, using the default tools available on all linux systems. In a nutshell, we will use ssh capabilities to allow a cron job to transfer a tarball from you local machine to a remote machine.

For the purpose of this tutorial, the local machine will be called “localmachine” (running slackware) and the remote server will be called “remoteserver” (slackware as well). The user will be joe (me). You will have to substitute those 3 with your own machines names and user.

Generating your private/public key pair

To be able to logon to another server without being prompted for your password, you need to generate a key that will be trusted by the remote server, where your backups will be sent to. To accomplish this, follow the following steps as the user you will use (joe here).
    ssh-keygen -t rsa
You will then be prompted for a file name. Leave it as the default by simply pressing “Enter”.
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/joe/.ssh/id_rsa):
The last step of the key creation is the passphrase. Since the purpose of this is to not enter a password, hence being able to create batch jobs, just hit “Enter” twice, leaving them blank.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/joe/.ssh/id_rsa.
    Your public key has been saved in /home/joe/.ssh/id_rsa.pub.
    The key fingerprint is:
    a6:84:5d:a6:cd:ff:31:48:21:85:ca:46:93:88:7a:50 joe@localmachine
This just created 2 files in the user's home directory. ~/.ssh/id_rsa (the private key) and ~/.ssh/id_rsa.pub.
The id_rsa.pub is your public key, which you share with the remote host. The id_rsa is your private key, and this is only for you. Do not lose it or share it with anyone, as this is your passkey! Make sure the file is not readable by anyone but you (chmod 600 ~/.ssh/id_rsa). Anyone having a copy of this key could usurpate your identity and login to this server as you. It is not any more dangerous to use this method as to use a traditional password, but I will not enter into a debate here.

Now that you have your keyring, it is time to send your public key to the remote machine, so that it can trust you.

Sharing your localmachine public key

First things first, let's make sure that the remote folder into which you will put this key exists (~/.ssh), and will only be readable by you.
    ssh remotemachine “mkdir .ssh; chmod 600 .ssh”
This time, it will prompt you for your password. Enter it. If the remote directory didn't exist, everything should go without a hitch. If not you will receive a message like mkdir: cannot create directory `.ssh': File exists., which is fine. The permissions will be changed nevertheless.

Next step is to actually copy your public key in the remote directory, like this:
    scp ~/.ssh/id_rsa.pub remotemachine:.ssh/authorized_keys2
      joe@localmachine:~$ scp ~/.ssh/id_rsa.pub remotemachine:.ssh/authorized_keys2
      joe@remotemachine's password:
      id_rsa.pub 100% 225 0.0KB/s 00:00
      joe@localmachine:~$
You should now be able to ssh remotemachine, and not being prompted for a password.

Creating the job to be run by cron

To make it easy, we will create the backup tarball first, then ssh it over to the remote host. Beforehand, let's make sure you have a remote directory where you will put the tarball, accessible to the user running the script. In this case, we will use 'backup' directory under joe's homedir, that you can create like this:
    ssh remotemachine “mkdir backup”
Here is what a shell script (home_backup.sh) could look like. This is used to back up a whole home directory.
    #!/bin/bash

    # this tars up joe's home directory into myhome.tar.gz tarball.
    /bin/tar -zcpf /home/joe/myhome.tar.gz /home/joe

    # This sends the tarball to the remote directory
    cat /home/joe/myhome.tar.gz |ssh remotemachine "cd backup; cat > backup.tar.gz"
And this is it! Your tarball is now copied on your remote host. You can go there, check and make sure that the ball untars well, and that permissions were preserved (which they should because of the p switch.)

Cron
All that is left is to create a cron job for this user.
    crontab -e
Let's say we want to backup every night at 2am.
    0 2 * * * /home/joe/home_backup.sh
Save the file, and you're done!

Conclusion

I hope this will help some people to better protect their personal data.
If I can be of any help, you can email me at chapeaurouge_AT_madpenguin_DOT_org. Thanks.

Fred Blaise

Disclaimer: I cannot be held responsible for any data loss due to this HOWTO.
Bookmark/Search this post with:
delicious | digg | vigillar | reddit | magnoliacom | newsvine | furl | google | yahoo | technorati | icerocket | pubsub
login or register to post comments | printer friendly version