Automated Backups With rdiff-backup - Page 2

Step 3: Edit The Public Key On server1.example.com

Log in as root on server1.example.com and have a look at /root/.ssh/authorized_keys. It should look similar to this:

ssh-rsa AAAAB3Nza[...]W1go9M= rdiff-backup@backup

Now prepend the following string to /root/.ssh/authorized_keys:

command="rdiff-backup --server --restrict-read-only /",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty

It must be in one line(!) with the key, only seperated by a space:

command="rdiff-backup --server --restrict-read-only /",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3Nza[...]W1go9M= rdiff-backup@backup

This will run the command rdiff-backup --server --restrict-read-only / when the user rdiff-backup fom backup.example.com connects to server1.example.com over SSH. --restrict-read-only / makes sure that rdiff-backup has only read access on server1.example.com. It depends on your rdiff-backup version if this works. If this does not work for you you can leave out --restrict-read-only / so that it reads

command="rdiff-backup --server",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty

In from="backup.example.com" you should use the hostname that a reverse lookup of backup.example.com's IP address returns. For example, if backup.example.com's IP address is 1.2.3.4, and

dig -x 1.2.3.4

returns

rdiff-backup@backup:~$ dig -x 1.2.3.4

; <> DiG 9.2.4 <> -x 1.2.3.4
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38020
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;4.3.2.1.in-addr.arpa.      IN      PTR

;; ANSWER SECTION:
4.3.2.1.in-addr.arpa. 43200 IN      PTR     server3245.somehoster.com.

;; Query time: 118 msec
;; SERVER: 145.253.2.75#53(145.253.2.75)
;; WHEN: Thu Oct 13 14:56:03 2005
;; MSG SIZE  rcvd: 83

rdiff-backup@backup:~$

then you should use server3245.somehoster.com:

command="rdiff-backup --server --restrict-read-only /",from="server3245.somehoster.com",no-port-forwarding,no-X11-forwarding,no-pty

You can as well use backup.example.com's IP address:

command="rdiff-backup --server --restrict-read-only /",from="1.2.3.4",no-port-forwarding,no-X11-forwarding,no-pty

Next run

chmod -R go-rwx /root/.ssh

Then have a look at /etc/ssh/sshd_config. It should contain the lines

RSAAuthentication yes
PubkeyAuthentication yes

Restart ssh if you had to change /etc/ssh/sshd_config:

/etc/init.d/ssh restart

Step 4: Test rdiff-backup On backup.example.com

Back on backup.example.com, again as the user rdiff-backup, we test the backup:

cd /backup
rdiff-backup server1_backup::/boot boot

In the second command you see the string server1_backup. That is the string we used in /backup/.ssh/config after host. With this second command, the user rdiff-backup will connect to server1.example.com as the root user and save the directory /boot of server1.example.com to the directory /backup/boot on backup.example.com. If you see that it is working and you do not have to type in a password, then - congratulations! You did it!

Now all there is left to do is to create a cron job. Still as user rdiff-backup, run

crontab -e

and create a cron job like this:

40 2 * * * /usr/bin/rdiff-backup --exclude /tmp --exclude /mnt --exclude /proc --exclude /dev --exclude /cdrom --exclude /floppy server1_backup::/ /backup/server1

This runs the backup every night at 2.40h, saving the directory / with all subdirectories (excluding /tmp, /mnt, /proc, /dev, /cdrom, /floppy) of server1.example.com in /backup/server1 on backup.example.com.

(Note (a little off-topic): on Debian Sarge crontab -e will automatically open the editor nano. If you are used to working with the editor vi (like me), run the following commands:

rm -f /etc/alternatives/editor
ln -s /usr/bin/vi /etc/alternatives/editor

Afterwards, run crontab -e, and vi will come up.)

To find out more rdiff-backup commands (especially how to restore a backup), run

man rdiff-backup

and have a look at http://www.nongnu.org/rdiff-backup/examples.html.

Links

rdiff-backup Homepage: http://www.nongnu.org/rdiff-backup/index.html

rdiff-backup Examples: http://www.nongnu.org/rdiff-backup/examples.html