SSH Rsync snapshot without remote root login

The following is my own simple backup script, based on the SSH and rsync snapshot principle. The script runs locally as root and logs in remotely as some user (it pushes data to the backup host). This means that it does not require a root login at the remote host. It is meant to be run periodically and to store a configurable number of previous "snapshots".

The script has a simple configuration file that sets up the remote host, remote user, etc.; see the sample below. Copy the two files to the locations indicated below. To allow automated backup you need to exchange keys between the local root user and the remote backup user (see below). Once you are done, set up cron to run the script and you should be on your way to a safer life =].

All arguments given to the script are passed on to rsync so you can pass parameters to the script if you run it manually from time to time (say "--progress" for example).

/etc/backup.cfg
/usr/sbin/backup.sh

Exchange ssh keys

The quick and easy way to exchange keys, picked up from here. For this purpose you should generate a key as root on the local host and exchange it with the remote backup user.

Key generation
From the machine that is supposed to be able to log in somewhere (the PC storing its backup somewhere), generate a key as "root" without a pass-phrase:

  ssh-keygen -t rsa -N ''
      => public key in ~/.ssh/id_rsa.pub

Key exchange
Copy the public key to the machine that is supposed to allow login and add it to the authorized keys of the user allowing password-less login:

  touch ~/.ssh/authorized_keys2
  cat id_rsa.pub >> ~/.ssh/authorized_keys2

Test

  ssh remotebackup@serv.duplex.dk whoami

Tighten security
You should edit ~/.ssh/authorized_keys2 and add further specifiers, e.g. from, to limit which hosts can log in using this key. In authorized_keys2:

  from="backuppc.my.com" ssh-rsa [base64 key, eg: ABwBCEAIIALyoqa8....]
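
One way to script this step, as an added example that is not part of the original page or the author's backup.sh: a shell function, run as the remote backup user, that replaces the unrestricted entry appended during the key exchange with one limited by from= and leaves the other keys in the file untouched. The function name restrict_key and the extra options beyond from (no-pty, no-port-forwarding, no-agent-forwarding, no-X11-forwarding) are assumptions chosen for a push-only backup account.

```shell
# Added example, not the author's backup.sh. Run as the remote backup user.
# usage: restrict_key HOST_PATTERN PUBKEY_FILE AUTHORIZED_KEYS_FILE
restrict_key() {
    host=$1; pub=$2; auth=$3
    type=; blob=; comment=
    # A public key file is one line: "<type> <base64> [comment]".
    read -r type blob comment < "$pub" || true
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "restrict_key: $pub is not a public key" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "restrict_key: bad key data" >&2; return 1 ;;
    esac
    # Refuse quotes, spaces and newlines so the from="..." option cannot be
    # broken out of; wildcards and comma-separated lists stay allowed.
    case $host in
        ''|*[!A-Za-z0-9.:*?,_-]*) echo "restrict_key: bad host pattern" >&2; return 1 ;;
    esac
    # Options beyond from= are this example's assumption, not from the page.
    opts="from=\"$host\",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding"
    # mktemp creates the file with mode 0600; mv keeps that mode.
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    # Carry over every other key, dropping any earlier entry for this one
    # (for instance the unrestricted line added during the key exchange).
    if [ -f "$auth" ]; then
        grep -vF -- "$blob" "$auth" > "$tmp" || true
    fi
    printf '%s %s %s%s\n' "$opts" "$type" "$blob" "${comment:+ $comment}" >> "$tmp"
    mv "$tmp" "$auth"
}

# Allow direct use: sh restrict_key.sh backuppc.my.com id_rsa.pub ~/.ssh/authorized_keys2
if [ $# -eq 3 ]; then restrict_key "$@"; fi
```

Run the test command from the backup client afterwards to confirm that logins from the permitted host still work.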

Copyright © 2006 Martin Leopold Created on May 10, 2006
Last modification on May 10, 2006