Right after I wrote How to regularly backup Windows XP to Ubuntu, using rsync for my T42 ThinkPad, I ended up installing Ubuntu on it. In the end I was mostly interested in backing it up for the purpose of safely wiping Windows. So much for regularly.
Then something unexpected happened: I started to use my 5 year old X23 exclusively. Partly because I’d already gotten comfortable with Ubuntu on it, and partly because I was using it at the time to edit photos on the bus ride home from work. When I got home, it didn’t make sense to switch to another laptop to finish whatever I was working on.
It also may have something to do with a feeling that I think Mark Pilgrim put well:
So I’ve been meaning to get back to
rsync to start regularly backing up Ubuntu to Ubuntu. Well my little Mini-ITX server with external hard drive is already up and running. So that half of the equation was in place. What I was a little rusty on was how to set the whole thing up to run without needing a password.
That turns out to be really easy. If you’ve got
ssh, then you’ve probably got
ssh-keygen, which exists for the sole purpose of generating public and private keys, which when created without a passphrase can be used for password-free logins. So I ran
ssh-keygen to generate a 2048 bit RSA key without a passphrase . I could also have generated a 1024 bit DSA key. I’m not sure I understand the difference. I’m not sure it matters.
ssh-keygen -b 2048
ssh-keygen created two standard files, id_rsa and id_rsa.pub, the private and public keys respectively. The next and final step is to copy and “install” the public key on my backup server (192.168.0.100).
ssh-copy-id -i ~/.ssh/id_rsa.pub firstname.lastname@example.org
ssh-copy-id uses ssh to copy the public key to the remote server and appends it to the ~/.ssh/authorized_keys file. Of course I didn’t know about
ssh-copy-id when I started, so I just
scp-ed the file over and pasted the public key into the authorized_keys file.
At which point I could use ssh to login without a password! ssh knows to automatically check for the existence of the id_rsa private key and try logging in with that.
Hot damn! That alone makes me want to start distributing my public key around to every server I access regularly. Of course the other benefit (and the whole point of this post!) is that now I’ll also be able to cron an rsync backup without requiring a password.
My ideal backup is a relatively current mirror of my home directory. I’m not looking for modified file snapshots or entire bootable filesystem images, I just want to know that if my hard drive crashes, most of my data (especially the photos) is recoverable. To that end, my rsync needs are relatively simple, though it took some tweaking to get to this point:
rsync -aze ssh --delete --exclude=".*/" /home/jwatt/ email@example.com:/home/jwatt/backup/x23/
-a option means archive files—it’s really an alias for a lot of other options having to do with maintaining permissions and timestamps, etc. The
-z option uses compression when transferring files. The
-e ssh option tunnels the file transfer over an encrypted ssh connection. The
--delete option deletes any destination files that have been deleted from the source. The
--exclude=".*/" option skips hidden files and directories. Finally the last two parts are the source (in this case everything under my home directory) and the destination I’ve already set up on my backup server.
And that’s it. I added it to my cron to run daily at 10pm. Set and forget it.