Backup using rsync with non-standard ssh port

*nix systems have rsync to back up or synchronize (mirror) their files to a backup computer. For example I can back up the files on my home computer to my office computer. rsync does not copy files that have not changed. The syntax is something like

rsync -avzhe ssh /home/mydir/ mylogin@myserver.org:/home/mydir/ 

The -a is archive, same as for cp. -v is verbose so you can see each file in process and how long until it is finished. The -e lets you specify the remote shell to use for the connection, in my case ssh.

Note: SSH must be working on both systems for rsync to work using SSH. Also note OpenSSH can be unreasonable and inobvious about permissions: the target login directory (example: /home/mylogin) must NOT be writable by group or other. Mostly this will not be a problem; chmod 06755 /home/mylogin will work. BUT also note the /home/mylogin/.ssh folder MUST be 0700 (or possibly 0744) and the /home/mylogin/.ssh/authorized_keys file must be 0700. Otherwise SSH simply returns “Permission denied (publickey).” and refuses to connect. Yeah, someone didn’t think that one through all the way.

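
The permission rule in the note above can be checked on the backup server before the first rsync run. This is an added example, not part of the original post; the function names are assumptions, and it only tests the group/other write bits the note describes, not file ownership.

```shell
#!/bin/sh
# Added example: flag any of the three paths from the note above that is
# writable by group or other, the condition that makes sshd reject the key.

# Print the 10-character mode string (for example drwxr-xr-x) of one path.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Succeed only if the path is NOT writable by group or other.
not_group_other_writable() {
    m=$(mode_of "$1")
    g=$(printf '%s' "$m" | cut -c6)   # group write position
    o=$(printf '%s' "$m" | cut -c9)   # other write position
    [ "$g" != "w" ] && [ "$o" != "w" ]
}

# Check the login directory, .ssh and authorized_keys under it.
# Prints one line per path; the return status is the number of problems.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            bad=$((bad + 1))
        elif not_group_other_writable "$p"; then
            echo "OK        $(mode_of "$p")  $p"
        else
            echo "TOO OPEN  $(mode_of "$p")  $p"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Run against a login directory given as the first argument,
# for example: sh check.sh /home/mylogin
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```
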
Note: you can pull / push files around a few at a time without checking dates and such by using scp. It is like the copy command, cp, but works through ssh. Format example:

scp mylogin@mydomain:/myfilename .

I had a couple problems when I tried rsync initially:

  1. It wiped out my ssh credentials (2048 bit key in /home/mydir/.ssh/authorized_keys) on the remote system by copying the .ssh/authorized_keys in my local system right over the top of it — probably not a good idea to copy your hidden folders up to the remote system.
  2. I use non-standard port numbers for ssh to make hacking me a little more interesting and I found nothing obvious in the docs about how to do it.

I solved these problems in the little script below and also email myself a report when it is done. Note the app I used to send the email is “sendemail” with an “e” in the middle, not “sendmail”: I removed mailutils because I do not run mail servers at this time and that makes it a bit more interesting to hijack my systems for spamming since there is no app to send the spam — remove all programs you don’t need to reduce vulnerabilities. The sendemail program can be installed from the repositories.

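#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
DEBIAN_FRONTEND=noninteractive
#
# One timestamped log file per run
NOW=$(date +"%Y%m%d-%H%M%S")
LOGDIR="/home/mydir/log"
LOGME="$LOGDIR/rsync-$NOW.log"

if [ -d "$LOGDIR" ]
then
    echo "Log folder located at $LOGDIR"
else
    echo "Creating log folder at $LOGDIR"
    mkdir -p "$LOGDIR"
fi

echo ===
echo "$HOSTNAME batch job nightly mirror to my backup server $NOW"
echo ===

# -e 'ssh -p2222' runs ssh on the non-standard port.
# --exclude='\.*' skips hidden files and folders, so the local .ssh
# never overwrites .ssh/authorized_keys on the remote system.
# stderr goes to the log as well, so errors show up in the emailed report.
rsync -avzhe 'ssh -p2222' --progress --exclude='\.*' /home/mydir/ mylogin@myserver.org:/home/mydir/ >"$LOGME" 2>&1

# Mail the log as the message body. The SMTP password is stored in this
# script in clear text, so keep the script readable by its owner only.
sendemail \
    -f "$HOSTNAME@myserver.org" \
    -t receiver@mydomain.com \
    -u "$HOSTNAME Nightly Mirroring Report" \
    -s my-mail-server.net:port# \
    -xu "sender@mydomain.com" \
    -xp "my-password" \
    -o message-file="$LOGME"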