Howto backup a directory using rsync and ssh

By thomas, 5 April, 2006
You can do this with rdist, but I prefer the rsync method.

You wish to backup a directory on machine A by making a copy on machine B. (In our case, machine B is a netapp, so we get further backup for free).

On machine A, create a new key using ssh-keygen [user@A]: cd; cd .ssh [user@A]: ssh-keygen -t dsa -C 'rsync@A' -f rsync_dsa Generating public/private dsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in rsync_dsa. Your public key has been saved in rsync_dsa.pub. The key fingerprint is: fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe:fe rsync@A [user@A]: Next, send the public key rsync_dsa.pub to user@B (machine B). [user@A]: scp rsync_dsa.pub user@B:.ssh/ Now setup A to send updates from your directory to machine B. You can do this with crontab, or create a script in /etc/cron.daily. (We show the script here) [includecode#../scripts/rsync_dir] Now, move over to machine B. On B, we need to add the public key for A to our authorized_keys. More importantly we need to make sure A can only do rsync, we do this by adding a command to the authorized_keys [user@B]: cd; cd .ssh [user@B]: echo 'command="rsync --suffix .`date +%s` --server -vbltprcR /home/user/A" ' > command [user@B]: cat command rsync_dsa.pub >>authorized_keys [user@B]: chmod 600 authorized_keys Your authorized keys should then have a line with command="<code>" ssh-dss KEYDATAHERE...AQ== rsync@A. If not, edit by hand and make it look like it should. If you're having issues, check my ssh-keys troubleshooting page. Go back to machine A and test your script. [user@A]: ./rsync_dir ~/work /etc/cron.daily building file list ... 2 files to consider IGotaNewFileNow 21 100% 0.00kB/s 0:00:00 (1, 100.0% of 2) sent 138 bytes received 40 bytes 356.00 bytes/sec total size is 21 speedup is 0.12 /etc/cron.daily [user@A]: Done.

Figuring out what to put in your ssh-key is easy, try running your script without the command in the authorized_keys. Then suspend it. Go to the remote machine and ps -aef |grep rsync, you'll see the correct arguments there...