
 Automatic backup through SSH

(updated: Mar. 2, 2003)

    There are two ways to back up through SSH: one is rsync; the other is tar or zip through SSH.

    I tried tar through SSH. However, there is a security problem: all the scripts I could find online for tar over SSH let the other computers initiate the SSH connection to the backup server.

    The backup server should be the safest machine in the lab. In addition, I need to back up homepages on a DMZ web server and on one outside computer. The web server and the outside computer are not safe, so they should not be trusted.

    Therefore, I wrote a script that lets the backup server initiate the SSH connection to the others. In this way, the backup server can stay secure.

    Michael Kisor provided a more concise and simpler command that lets the backup server initiate the SSH connection to other computers; it is listed at the end (appendix).

1. First, we need to generate the SSH public/private key pair.

    Suppose the backup server is A and the computer with the files that need to be backed up is B. If the backup server A initiates the SSH connection to B, A is the SSH client and B is the SSH server.

    On A, change dir to /root/.ssh/ and run ssh-keygen -t rsa -N "" (the empty -N value means the private key is stored without a passphrase). It generates the files "id_rsa" and "id_rsa.pub". Copy id_rsa.pub to the /root/.ssh/ dir on B, then rename it to authorized_keys2. (If you have more than one host from which you want to connect to the remote host, add each local host's id_rsa.pub as one line in the authorized_keys2 file of the remote host.)

    From A, try ssh B to see whether you can connect to B without a password.

2. Second, write a script to do tar/zip and copy files automatically through SSH.

    ssh can read its commands from a file redirected to stdin. Likewise sftp, the FTP-like file transfer client of SSH, takes the option "-b" to read its command sequence from a file.

    On backup server A, the script that crontab runs is the following (filename: ssh-B.sh in dir /root/):

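#!/bin/sh
# The archive is downloaded into the current directory, so stop if it is missing.
cd /home/backup/B || exit 1
# Run the command sequence on B (creates /root/B.tar.gz there).
ssh B < /root/ssh-B.batch
# Fetch the archive from B, then delete it there.
sftp -b /root/sftp-B.batch B.computer.name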

    The ssh-B.batch file is the SSH command sequence. It tars and gzips the home directory (/home/B). The file is:

cd /root/
tar czvf B.tar.gz /home/B
exit

    The sftp-B.batch file is the sftp command sequence. It downloads the archive and then deletes it from B (sftp's rm takes just the path, no options). The file is:

cd /root
get B.tar.gz
rm B.tar.gz
exit

3. Third, put ssh-B.sh into crontab so that the backup runs automatically.

    Use crontab -e to edit root's crontab and add the following line:

# backup runs every Sunday morning at 12:01am.
1 0 * * 0 /bin/bash /root/ssh-B.sh > /dev/null 2>&1

    That's it! You can easily modify ssh-B.batch and sftp-B.batch to do what you want to do (they are just ssh and sftp command sequences).

Appendix: A simpler command of SSH connection from backup server (from Michael Kisor)

The solution would do the following:

1) Backup server would initiate the connection (for security)
2) Would not store any files on the remote (as there may not be enough room on the hard drive)

It reads the remote directly and only stores the result on the backup server (i.e. no temporary files). From backup server A issue the command:

ssh B "tar cfz - /home/B" > B.tar.gz

or:

ssh B "tar cf - /home/B" | gzip > B.tar.gz

where "B" is the IP/domain of the remote server (with optional account name, such as "root@B"), and "B.tar.gz" is a destination file on the backup server.

The first example above does the compression on the remote before it is sent over the network and is suitable for a fast server (B) over a slow connection. The second example shifts the compression overhead to backup server A, thus reducing the load on server B, but uses more network bandwidth; it is suitable for a slow server over a fast connection, or simply to reduce the load on server B.
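
Because the key generated in step 1 has no passphrase and logs in as root, it is worth limiting what it can do on B. The following is an added example, not part of the original page or of Michael Kisor's command: an OpenSSH forced-command wrapper for B that accepts only the two tar commands from the appendix. The install path /usr/local/sbin/backup-only.sh, the --serve argument and the address 192.0.2.10 for A are assumptions; the step 2 method (shell input on stdin plus sftp) would be refused by this wrapper.

```shell
#!/bin/sh
# Added example (not from the original page): forced-command wrapper for host B.
# Hypothetical install path: /usr/local/sbin/backup-only.sh
# Assumed entry in B's /root/.ssh/authorized_keys2, written as ONE line
# (192.0.2.10 is a placeholder for backup server A):
#   from="192.0.2.10",command="/usr/local/sbin/backup-only.sh --serve",
#   no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA... root@A

# Map the command the client asked for to a fixed action.
# Only the two exact strings used in the appendix are accepted.
classify() {
    case "$1" in
        "tar cfz - /home/B") echo gz ;;
        "tar cf - /home/B")  echo plain ;;
        *)                   echo deny ;;
    esac
}

# sshd runs this wrapper instead of the client's command and passes the
# requested command string in SSH_ORIGINAL_COMMAND (unset for a plain login).
serve() {
    req="${SSH_ORIGINAL_COMMAND:-}"
    case "$(classify "$req")" in
        # Fixed argument lists: the client's string is never evaluated.
        gz)    exec tar cfz - /home/B ;;
        plain) exec tar cf - /home/B ;;
    esac
    # Record refused requests so misuse of the key shows up in syslog.
    logger -t backup-only "rejected command: $req"
    echo "backup-only: command not permitted" >&2
    return 1
}

# Only act as the forced command when called with --serve.
if [ "${1:-}" = "--serve" ]; then
    serve
    exit $?
fi
```

With this entry in place, the appendix commands run from A work unchanged, while an interactive login, sftp, or any other command with the same key is refused and logged.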