i use rsync to backup files within the local network and also through the internet. rsync, by default, does not encrypt the data it transmits so to backup files via the internet one has to encrypt the data or the port that the data travels in using another software. for this purpose i use ssh (secure shell) to create an encrypted “tunnel” between the transmitting and receiving computers.
the conventions i’ll be using: remote means the server where i will be copying files from and local means the server where i will be copying files to. local is also where the rsync backup script is located and initiated.
my assumptions are that both remote and local servers are running linux and both have rsync and openssh installed.
when initiating a backup run from the local server, the remote server would normally ask for a password. this is obviously not good especially when i need to schedule unattended backup runs at odd hours of the day (or night). so for the script not to ask a password i need to generate a public/private pair of keys on the local server to be used with ssh.
to generate a public/private key pair, log in to the console in the local server:
$ ssh-keygen -t dsa -b 2048 -f /home/localbackupuser/local-rsync-key
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase): [press enter here]
Enter same passphrase again: [press enter here]
Your identification has been saved in /home/localbackupuser/local-rsync-key.
Your public key has been saved in /home/localbackupuser/local-rsync-key.pub.
The key fingerprint is:
so now we have keys to use to authenticate between the local and remote servers. we now have to copy the contents of the local-rsync-key.pub into the authorized_keys file of the remote server (/home/remoteuser/.ssh/authorized_keys)
i would normally mount the remote server’s drive using sshfs (secure shell filesystem) and edit the authorized_keys file as if it was in my workstation. another way to do this is via a remote console.
for added security, you can limit the computer(s) connecting to the remote server by specifying the ip address of the local server along with the contents of the public key generated above (details here). this would be very useful if the ip address of the local server doesn’t change. unfortunately mine does.
next step is to test the backup script on the local server via ssh. if the backup script starts syncing with the remote server then all that is left to do is add and entry in crontab to automatically start the backup at the time you specify.