This is a great piece of knowledge, I encourage you to put this on the wiki.

also note that this can be done in reverse to have the remote machine create
the tunnel and issue a command over ssh 'BackupPC_servermsg or
BackupPC_dump' allowing remote clients to backup on their own schedule
without the backuppc server having any knowledge of their remote IP address.

this is also a great way to secure your rsync traffic as the rsyncd server
in cygwin does not listen to any network IP address, only 127.0.0.1

very nice.

On Feb 11, 2008 4:07 PM, hot java <[EMAIL PROTECTED]> wrote:

> PROBLEM: Backup Hangs when using BackupPC / rsync over ssh to a Windows
> 2003 server.
>
> WORKAROUND SUMMARY: Backup a Windows 2003 server by using BackupPC's
> Pre and Post commands to establish a forwarding ssh tunnel and a locally
> bound Windows rsyncd service.  I know what you are thinking - I don't want
> to load rsyncd as a service because this creates another security issue.
> Wait,  we are going to BIND the rsyncd service to 127.0.0.1 and then
> connect to it via the forwarding tunnel! Awesome.   Performing a backup
> using this method will seem weird because you'll be issuing an rsync command
> on your BackupPC server against localhost,  127.0.0.1::module, which is
> forwarded over to the Windows 2003 server where it then connects to the rsync
> service on 127.0.0.1:873.  Believe me - it works.  I've been using this
> method for over a month now without any problems.
>
>
>
> HOWTO:
>
>
>
> How to backup a Windows 2003 server using BackupPC, rsyncd, and a
> forwarding ssh tunnel.  The goal was to develop a secure backup method that
> actually works.  Rsync over ssh from Linux to Windows fails (for me).  So,
> we developed a secure method that meshes nicely with BackupPC and rsyncd.
> Caution: these are my personal notes, following them may crash your system
> and result in data loss.
>
>
> FAILURE: Linux --rsync/ssh--> Windows 2003(sshd):
> We spent about a week trying to resolve problems backing up a Windows 2003
> server from Linux using rsync over ssh.  Almost all of our attempts at
> getting a clean backup of Windows 2003 server from a Linux server using
> rsync over ssh failed miserably - the backup would simply hang on certain
> files.  This problem persisted even when we replaced the original Windows
> source files with a Volume Shadow Copy - ouch!
>
> SUCCESS: Linux ==rsync (modules)/ssh==> Windows 2003(sshd/rsyncd)
> All of our tests using module-based rsync from Linux to Windows 2003
> rsyncd services worked perfectly.  So, we developed a simple workaround to
> secure rsyncd connections through a forwarding ssh connection.  To do this,
> we bind rsyncd to localhost on a Windows 2003 server and then connect to this
> service from our Linux backup server through a forwarding SSH tunnel.
>
>
> -------------------------------
> ESTABLISHING RSYNCD (localhost) AND SSHd ON WINDOWS 2003 SERVER:
> * Install cygwin, be sure to include cygrunsrv, openssh and rsync.
> * Follow one of the many online guides for setting up cygwin's sshd
> (reference: http://pigtail.net/LRP/printsrv/cygwin-sshd.html)
>
> To setup rsync as service in Windows 2003 do the following:
> (reference: http://www.gaztronics.net/rsync.php)
>
> Start cygwin:
> % vi /etc/rsyncd.conf
>
> use chroot = false
> strict mode = false
>
> [backupwww]
>        path = /cygdrive/c/webserver
>        read only = false
>        list = true
>        comment = BACKUP
>
> ESTABLISH CYGWIN AS A SERVICE
> % cygrunsrv -I "Rsyncd" -p /cygdrive/c/cygwin/bin/rsync.exe -a "--config=/cygdrive/c/cygwin/etc/rsyncd.conf --daemon --no-detach --address=127.0.0.1" -f "Rsyncd daemon service on localhost" -u Administrator
>
> ********************************************************************
> ***IMPORTANT: BE SURE TO USE "--address=127.0.0.1" *
> ********************************************************************
>
> START SERVICE:
> % cygrunsrv --list
> % cygrunsrv --start sshd
> % cygrunsrv --start Rsyncd
>
> Now, we are ready to test our new services.
>
> TESTING: ESTABLISH THE FORWARDING TUNNEL:
> TESTING: On your Linux backup server issue this command:
>
> TESTING: linux% ssh -L 1500:127.0.0.1:873 -l user myserver.my.domain
>
> TESTING: This command will establish a tunnel to "myserver" where new
> connections to the local linux port on 1500 are forwarded over to the remote
> side and actually connect to 127.0.0.1:873.  That is to say, local
> connections to 127.0.0.1:1500 are: (a) FORWARDED through the tunnel and
> (b) connected to 127.0.0.1:873 on the remote side.
>
> TESTING: Now that we have this incredibly useful tunnel in place, all we
> need to do is run rsync against the localhost:1500 to actually backup the
> remote side.
>
> TESTING: Here is an example of the rsync command:
>
> TESTING: linux% rsync -av --port 1500 127.0.0.1::backupwww /home/backups
>
> TESTING: In this example, backupwww is the name of your Windows 2003
> rsyncd module.  Obviously, /home/backups is the destination on your backup
> server where you want to store these test backups.
> ---------------------------
>
> If everything works, you are ready to configure BackupPC.
>
> ====================== BACKUPPC ==========
>
> BACKUPPC: BackupPC (rsyncd method) ------ssh tunnel-----> Windows 2003
> Server (sshd/rsyncd)
> LINUX: Install BackupPC
> LINUX: Setup ssh keys such that user backuppc can ssh over to your Windows
> 2003 server without supplying a password
> (reference: http://backuppc.sourceforge.net/faq/ssh.html)
>
> Pick an alias for your Windows 2003 server to be used by BackupPC.  Any
> name will do - we'll map this alias to 127.0.0.1 later with
> "ClientNameAlias". For this example, I selected securewww1 as an alias for
> our Windows 2003 server.
>
> linux% vi /BackupPC/conf/hosts
>        securewww1      0       root    webteam
>
> linux% mkdir /BackupPC/pc/securewww1
> linux% vi /BackupPC/pc/securewww1/config.pl
>        do "/BackupPC/conf/securewww1.pl";
>
>
> LINUX: Install screen
>
> linux% mkdir /BackupPC/scripts
> linux% vi /BackupPC/scripts/www1tunnel
>        #!/bin/bash
>        TERM=vt100
>        /usr/bin/screen -d -m -S tunwww1 /usr/bin/ssh -q -x -L 1500:127.0.0.1:873 -l user myserver.my.domain
>        /bin/sleep 10
> Note: sleep 10? we needed to introduce a small delay to ensure the tunnel
> was fully established before rsync started
> Note: "-S tunwww1" helps us identify the process - so we can kill it when
> the backups are finished
> Note: This could be done with dtach instead of screen
>
> linux% chown backuppc /BackupPC/scripts/www1tunnel
> linux% chmod u+x /BackupPC/scripts/www1tunnel
>
> linux% vi  /BackupPC/conf/securewww1.pl
> $Conf{ClientNameAlias}='127.0.0.1';
> $Conf{DumpPreUserCmd}='/BackupPC/scripts/www1tunnel';
> $Conf{DumpPostUserCmd}='/usr/bin/pkill -u backuppc -f tunwww1';
> $Conf{RestorePreUserCmd}='/BackupPC/scripts/www1tunnel';
>
> $Conf{RestorePostUserCmd}='/usr/bin/pkill -u backuppc -f tunwww1';
>
> $Conf{XferMethod}='rsyncd';
> $Conf{RsyncdClientPort}='1500';
> $Conf{RsyncShareName}='backupwww';
> $Conf{RsyncdAuthRequired}=0;
> -------------
>
> From the BackupPC management page, reload the configuration file and
> start a full backup of securewww1.
> I hope this helps someone :-)
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki:    http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/
>
>
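
Both messages rely on rsyncd listening only on 127.0.0.1, and on the Linux side the ssh -L forward on port 1500 should also be loopback-only. The script below is an added example, not part of either post: it checks `netstat -an` output for a port bound to a non-loopback address. The function name `check_loopback_only` and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original posts. Reads `netstat -an` text on stdin.
# Exit status: 0 = every listener on PORT is loopback-only,
#              1 = a listener on PORT is bound to a non-loopback address (printed),
#              2 = nothing is listening on PORT.
check_loopback_only() {
    awk -v port="$1" '
        toupper($0) !~ /LISTEN/ { next }   # LISTENING on Windows, LISTEN on Linux
        {
            addr = ""
            # Local address: field 2 in Windows netstat, field 4 in Linux netstat.
            for (i = 2; i <= 4; i++) if ($i ~ /:[0-9]+$/) { addr = $i; break }
            if (addr == "") next
            n = split(addr, part, ":")
            if (part[n] != port) next
            found = 1
            host = substr(addr, 1, length(addr) - length(part[n]) - 1)
            if (host !~ /^127\./ && host != "::1" && host != "[::1]") {
                exposed = 1
                print addr
            }
        }
        END { if (!found) exit 2; exit (exposed ? 1 : 0) }
    '
}

# Constructed sample output (not captured from a real host).
WIN_OK='  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:873          0.0.0.0:0              LISTENING'
WIN_EXPOSED='  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:873            0.0.0.0:0              LISTENING'
LINUX_TUNNEL='tcp        0      0 127.0.0.1:1500          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

report() {  # report LABEL PORT NETSTAT_TEXT
    rc=0
    bad=$(printf '%s\n' "$3" | check_loopback_only "$2") || rc=$?
    case $rc in
        0) echo "$1: port $2 listens on loopback only" ;;
        1) echo "$1: port $2 is exposed on $bad" ;;
        *) echo "$1: nothing is listening on port $2" ;;
    esac
}

report "windows, --address=127.0.0.1" 873 "$WIN_OK"
report "windows, no --address" 873 "$WIN_EXPOSED"
report "linux, ssh -L 1500" 1500 "$LINUX_TUNNEL"
```

On a live system, pipe real output into the function instead, for example `netstat -an | check_loopback_only 873` from the Cygwin shell after starting the service.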