Build a Home Terabyte Backup System Using Linux
Generating the Key Pair
On the machine you want to log in to (logged on as bob on bar in this case), type ssh-keygen -d to generate the key pair. Enter a password if the key will be accessible/readable to other users. Otherwise, press Return. Change into the .ssh directory and copy the public key to the allowed list:
cd ~/.ssh cp id_dsa.pub authorized_keys2
Copy the private key to the .ssh directory of the account on the machine you will be logging in from (for example, root user on foo). Remove the private key from bar (the machine you want to log on to):
scp id_dsa root@foo:~/.ssh/id_dsa rm id_dsa
On the machine you're logging in from, start the SSH agent, and add the key to the agent's list (ssh-add asks for a password if you typed one in the first step above):
eval `ssh-agent` ssh-add
You can now log in to account bob bar from foo without a password:
You can run a script on foo to replicate foo on bar using bob's account on bar. You should read the documentation for rsync, which has numerous features (more than 70 command-line options). In particular, the -delete option can have disastrous consequences if misused. Listing 1 shows a seven-day incremental backup. Files altered or deleted on each day of the week are deposited in directories named for the day (set by -backup-dir). The most recent backup is stored in the directory current.
Listing 1. Full and Incremental rsync
#!/bin/sh # This script does backups of foo to the backup server bar # in a 7 day rotating incremental backup. # Based on script by Andrew Tridgell # directory to backup BDIR=/home # Remote directory on backup server BACKUP_HOME=/data1/foo # Backup login account on remote server BACKUP_LOGIN=bob # the name of the backup server BSERVER=bar BACKUPDIR=`date +%A` OPTS="--force --ignore-errors --delete --backup -backup-dir=$BACKUP_HOME/$BACKUPDIR -av" export PATH=$PATH:/bin:/usr/bin:/usr/local/bin # Dump output to backup file date > /var/log/backup.$BACKUPDIR.log # the following line clears the last week's incremental directory [ -d /tmp/emptydir ] || mkdir /tmp/emptydir rsync --delete -a /tmp/emptydir/ BACKUP_LOGIN@$BSERVER:$BACKUP_HOME/$BACKUPDIR/ rmdir /tmp/emptydir # now the actual transfer rsync $OPTS $BDIR BACKUP_LOGIN@$BSERVER:$BACKUP_HOME/current >> /var/log/backup.$BACKUPDIR.log
If you prefer a compressed archive format, you still can run tar for a full backup over the network:
tar cvfz - /home | ssh bob@bar dd of=/data1/foo/current.tar.gz
and use the -newer option for an incremental tar backup.
rsync is more efficient than the tar command, because rsync copies only the differences between the current and previous copy of the data.
You can get by with rsync and SSH on most platforms (including MS Windows), but in reality, a fileserver setup is preferable, especially if you are running MS Windows clients. For MS Windows machines, a Windows backup application is preferable. The easiest way to do this is to run the backup to write to a share on the Samba server.
If your Linux installation supports SMB file sharing, Samba is probably installed. If not, binaries are included with virtually all distributions. If this isn't the case with your distribution, or if you prefer to use the very latest Samba version, download the source code and compile and install. Official Samba distributions are available from the Samba home page (see Resources). Refer to the documentation there for installing and initially configuring Samba.
Once your backup server has Samba server installed, all Samba configurations are made by editing the smb.conf file, which is usually in /etc/samba/smb.conf or /usr/local/samba/lib/smb.conf. Graphical configuration utilities like SWAT usually are included with Samba. See your documentation for information about starting or stopping Samba. You should configure your server to ensure that Samba starts when the server initially boots up.
Following our backup example above, on server bar, set up a simple smb.conf file or try appending the section below to the existing smb.conf file to define a share called bob:
[bob] comment = foo backup account path = /data1/foo valid users = bob public = no writable = yes
Next, add bob with any secure password as a Samba user (bob must have a Linux account as well as permission to read/write the /data1/foo directory):
smbpasswd -a bob New SMB password: somepassword Retype new SMB password: somepassword Added user bob
For MS Windows clients, map the share \\bar\bob as a network drive in MS Windows using the user name bob and the SMB password for the bob Samba account. You then should be able to run backups to the mapped network drive. I typically use the free ntbackup software and set it up to write .bkf files to network storage. ntbackup comes free with Windows 2000 and XP and can run automated, regularly scheduled backups from the Windows client. Windows client-based backups have the advantage of backing up the entire state of the system (including the Windows registry).
You also can use Samba to serve files to most UNIX or Mac OS X clients. The smb client is installed by default in Mac OS X. In Linux distributions, make sure that the smb client package is installed. The smb share should be mounted onto the /backup mountpoint of machine foo:
mount -t smbfs -o username=bob,password=somepassword //bar/foo /backup
To have the backup drive mount when the system boots, place a line such as the following in /etc/fstab:
//bar/data1/foo /backup smbfs rw,username=bob,password=somepassword 0 0
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Humble Hacker?
- BitTorrent Inc.'s Sync
- The US Government and Open-Source Software
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide