1 Introduction

1.1 Goals

Perform Backup of a remote host

1.2 Notes

Commands preceded with "$" imply that you should execute the command as a general user - not as root.
Commands preceded with "#" imply that you should be working as root.
Commands with more specific command lines (e.g. "rtrX>" or "mysql>") imply that you are executing commands on remote equipment, or within another program.

2 Exercises

2.1 Backup an other host

We want the backuppc user on the server to connect securely to another host to back it up. To do this, we’ll generate a key pair without passphrase:

$ sudo -i -u backuppc

Make sure you are the backuppc user:

$ whoami

Check that it says backuppc, then:

$ ssh-keygen -t rsa -b 2048

When asked for the location of the keyjust press ENTER.
When you are asked for a passphrase, just press ENTER.

Generating public/private rsa key pair.

Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa): <---- press enter
Enter passphrase (empty for no passphrase):  <--- press enter
Enter same passphrase again:  <--- press enter

Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa.
Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub.
The key fingerprint is:
2f:d9:c6:70:30:25:4c:3e:d2:29:90:6c:e8:4c:2d:f7 backuppc@host222.ws.nsrc.org
The key's randomart image is:
+--[ RSA 2048]----+
|   +.. oo .      |
|  + *. o.+       |
| + + .o B        |
|  o   Eo +       |
|        S .      |
|         B       |
|        o =      |
|         o       |
|                 |
+-----------------+

Now we need to copy the public key

$ cat ~/.ssh/id_rsa.pub

Copy this with your mouse; it's the key we need to copy to the remote server we'll be taking a backup of.

2.1.1 On the other hostY

For security reasons, we prefer to not log in directly as the root user for backup. By default, Ubuntu has a user named backup we can use for that. So let's use it.

By default, the backup user isn't allowed to log in, so we'll have to enable login for this user.

Note: do this on hostY!

$ sudo vipw

Find the line:

backup:x:34:34:backup:/var/backups:/usr/sbin/nologin

and replace it with

backup:x:34:34:backup:/var/backups:/bin/bash

Save and exit.

Add the public key to the authorized_keys file of the backup user:

$ sudo -s
# mkdir /var/backups/.ssh
# cat > /var/backups/.ssh/authorized_keys

Paste the public key you copied copied earlier, then press ENTER, then CRTL+D.

Now, exit back to sysadm:

# exit
$ whoami
sysadm
$

Let's now allow the backup user to call rsync as the root user:

$ sudo visudo

Add this at the end of the file:

     backup ALL=NOPASSWD: /usr/bin/rsync

Save the file, exit.

2.1.2 On the backuppc server

Firstly, let's check that we can log in as the backup user on hostY, using the key we created:

$ sudo -i -u backuppc
$ ssh backup@hostY

If it works, then logout again, then go to the backuppc web interface:

http://hostN.ws.nsrc.org/backuppc

... then navigate to:

Edit config -> Xfer
Make sure rsync is selected under XferMethod (top)
1. Under RsyncClientCmd
Change:

$sshPath -q -x -l root $host $rsyncPath $argList+

$sshPath -q -x -l backup $host $rsyncPath $argList+

2. Do the same for `RsyncClientRestoreCmd`

To add the host:

Click on Edit Hosts in the left menu, then click the Add button In the fields that appear, enter:
1. Host : hostY (use the hostname of the machine you want to backup!)
2. User : backup
3. Click on Save above.
In the top left pull down menu, select hostY
Once in the 'Backup Summary, click (top left) on Edit config
1. Click on Xfer
2. For XferMethod, select rsync
3. For RsyncShareName : set the path to backup to /var/www then click Add
4. Click on Save above.
Top left, click on hostY Home -> then click on Start full backup When asked to confirm, click on Start full backup again.
You should get a message Reply from server: ok...
Click on Browse backups, top left

Browse the contents of the backup, and check that it's ok.

Next, we'll move to doing a restore up another host!