Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

SSH backup to other VPS

SSH backup to other VPS

netomxnetomx Member
edited June 2012 in General

I want to tar a backup to other server (because of space); is it OK?

ssh [email protected] "tar cz /var/www/html" > backup.gz

thx

Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user

Comments

  • BluBoyBluBoy Member

    If this is going to be a regular backup, using rsync over SSH seems like a much better solution?

    I use this as a quick and dirty hack on a few VPS: https://www.thriftydevil.com.au/technology/secure-backups-with-rsync-and-ssh

    Checkout my blog. I review VPS providers and mess around with Debian and FreeBSD!

  • Or you could use rsync over, well, rsync :-)

    My Advice: : VPS Advice | My Blog: : raindog308.com
  • netomxnetomx Member

    @raindog308 said: rsync

    and how to tar it?

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
  • @netomx said: and how to tar it?

    With tar of course.

    Using rsync will minimize the amount of data that has to be transfer from the source server. Then build redundancy on the backup server using tar, or one of several applications designed for the job.

  • netomxnetomx Member

    @sleddog said: With tar of course.

    I was reffering to, tar the destination delete it... and the rsync again?

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
  • @netomx said: tar the destination delete it... and the rsync again?

    Sorry you lost me...

  • netomxnetomx Member

    @sleddog said: Sorry you lost me...

    if you rsync, you'll create a folder on your destination, right?

    I'm on the destination VPS, and I want it to tar it (or encrypt it). If I tar it, the rsync folder will not be encrypted, so I need to delete it. And then? If I rsync again, will rsync ALL the files again...

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
  • @netomx said: If I tar it, the rsync folder will not be encrypted, so I need to delete it. And then? If I rsync again, will rsync ALL the files again...

    Yes that's true. Why do you want to encrypt the backup of your website?

  • netomxnetomx Member

    @sleddog said: your website?

    because it will store mysql backups too, and they are from clients...

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
  • BluBoyBluBoy Member

    OK, From my understanding you have two options... 1) Tar + Compress (+ Encrypt?) the folder on the source VPS and then copy that file to your destination. 2) rsync the source folder to to your destination. Tar + Compress (+Encrypt?) it there.

    If you do option #1, every time you copy the backup.tar.gz file it will need to copy the entire thing each time. EG. in your backup folder you will have: 27062012.BACKUP.tar.gz 28062012.BACKUP.tar.gz 29062012.BACKUP.tar.gz 30062012.BACKUP.tar.gz ... etc

    If you do option #2, it will only send files that have been updated. You should then tar and compress this into daily/weekly/monthly backups. EG. in your backup folder you will have: source/index.php source/favicon.ico source/...etc backup/27062012.BACKUP.tar.gz backup/28062012.BACKUP.tar.gz backup/29062012.BACKUP.tar.gz backup/30062012.BACKUP.tar.gz backup/...etc

    Option #1 will save you some CPU cycles on both machines when the backup is run. Option #2 will save you significant amount of bandwidth when the backup is run.

    Checkout my blog. I review VPS providers and mess around with Debian and FreeBSD!

  • netomxnetomx Member

    @BluBoy said: destination. Tar + Compress (+Encrypt?) it there.

    Ok, compress.. then what will happen with that folder? =P

    the only thing possible is with Truecrypt; I'm waiting to Damian to enable fuse module

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
  • @netomx said: because it will store mysql backups too, and they are from clients...

    Is the backup server somehow less secure than the live server?

  • netomxnetomx Member

    @sleddog - nope, it is just a fancy thing :(

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
  • dannixdannix Member

    If you need encrypted backups try duply and duplicity

    New free DDNS service skipIP.com | Invites @ blog.srvbox.com | Availability status of my servers.
    Thanked by 1djvdorp
  • netomxnetomx Member

    @dannix said: duply and duplicity

    will check this, thanks

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
  • What do you do when someone breaks into your primary server and now has the encryption keys and ssh keys to delete your backups on the backup server?

    push-based backups are inherently dangerous because all information needed to nuke them is kept on the server doing the push. There are some exceptions (e.g., tarsnap uses delegated authority, but it's likely too expensive for this case) but I personally prefer pull-based backups.

    My Advice: : VPS Advice | My Blog: : raindog308.com
    Thanked by 1jcaleb
  • PADPAD Member

    Yeah MainServer pushing backups to BackupServer is always going to be insecure, there is no benefit of encrypting. Using pull based backups is the way to go. Like @raindog308 said.

  • jcalebjcaleb Moderator

    i push from primary server to a backup server. all backup of backup server pull from backup server.

    Twitter Bootstrap Themes for your software projects. I recommend Prometeus and Catalyst Host

  • PADPAD Member

    @jcaleb, risky, shouldn't be done on production servers hosting customers of any type.

  • jcalebjcaleb Moderator

    i will consider. thanks!

    Twitter Bootstrap Themes for your software projects. I recommend Prometeus and Catalyst Host

  • dannixdannix Member

    If you don't care if somebody can read your backups on a backup server, then the easiest solution is to run something like rsnasphot/rdiff-backup on the backup server and pull the data from different locations. In such case, if one of your machines will be compromised, your backup remains safe.

    However, if you can't trust your backup provider, or you take into account, that your backup server could be compromised as well, and someone will have access to all your backups, what do you do? Encrypted backup allows you to store your important files on an untrusted backup server. Even if someone will gain access to your backup server, the files there are quite useless for him. As you said the dissadvantage of the push backup is however, the possibility of the backup destruction by an attacker.

    To prevent this, one could combine both techniques: use push encrypted backups, for the data security on the backup server, and use second backup server which pulls encrypted backups from the the first backup server. In that way you will not loose your backup just because one of the client machines has been compromised.

    New free DDNS service skipIP.com | Invites @ blog.srvbox.com | Availability status of my servers.
  • RaymiiRaymii Member
    edited June 2012

    This is the script I use to pull backups. It saves space because of rsync's hardlink feature. It can be more efficient, but it was coded quick. You do need to have passwordless ssh keys set up.

    #!/bin/sh
    #script to backup via rsync and ssh, and have an incremental backup archive via rsync built in function to use hard links.
    
    #first define the variables
    BACKUPDIR="$HOME/backup/"
    PROJECT1="raymiiorg"
    PROJECT2="sparklingnetworknl"
    PROJECT3="irixosnl"
    date=`date "+%d-%b-%Y_%H.%M.%S"`
    
    
    #this creates the folders
    mkdir -p "${BACKUPDIR}/$PROJECT1/current/"
    mkdir -p "${BACKUPDIR}/$PROJECT2/current/"
    mkdir -p "${BACKUPDIR}/$PROJECT2/current/"
    
    #project1
    rsync -aP --link-dest=$BACKUPDIR/$PROJECT1/current -e 'ssh -p 7779' raymii.org:/var/www/ $BACKUPDIR/$PROJECT1/back-$date
    rm -rf $BACKUPDIR/$PROJECT1/current
    ln -s $BACKUPDIR/$PROJECT1/back-$date $BACKUPDIR/$PROJECT1/current
    
    #project2
    rsync -aP --link-dest=$BACKUPDIR/$PROJECT2/current -e 'ssh -p 7779' sparklingnetwork.nl:/var/www/ $BACKUPDIR/$PROJECT2/back-$date
    rm -rf $BACKUPDIR/$PROJECT2/current
    ln -s $BACKUPDIR/$PROJECT2/back-$date $BACKUPDIR/$PROJECT2/current
    
    #project3
    rsync -aP --link-dest=$BACKUPDIR/$PROJECT3/current -e 'ssh -p 7779' irixos.nl:/srv/httpd/ $BACKUPDIR/$PROJECT3/back-$date
    rm -rf $BACKUPDIR/$PROJECT3/current
    ln -s $BACKUPDIR/$PROJECT3/back-$date $BACKUPDIR/$PROJECT3/current
    
    Quis custodiet ipsos custodes?
    https://raymii.org - https://cipherli.st
  • netomxnetomx Member

    thank you, i will stick with rsync

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
  • jcalebjcaleb Moderator

    rsync is pull based?

    Twitter Bootstrap Themes for your software projects. I recommend Prometeus and Catalyst Host

  • KairusKairus Member

    @dannix said: However, if you can't trust your backup provider, or you take into account, that your backup server could be compromised as well, and someone will have access to all your backups, what do you do?

    Seems like a problem that should be dealt with first. Should trust your backup provider just as much as your primary provider.

  • RaymiiRaymii Member

    @jcaleb said: rsync is pull based?

    >

    Rsync can go both ways. My script posted above pulls, but it can also push.

    Quis custodiet ipsos custodes?
    https://raymii.org - https://cipherli.st
    Thanked by 1jcaleb
  • OliverOliver Member

    @jcaleb rsync can push or pull or IIRC can transfer between two remote hosts as well.

    Ransom IT | ɹǝpun uʍop sdʌ | vps down under | AU/NZ VPS Provider | KVM in Sydney, Adelaide and Auckland | OpenVZ in Sydney and Melbourne
    Thanked by 2jcaleb netomx
  • RaymiiRaymii Member

    If you setup an rsync daemon you don't even need ssh on the machine(s)

    Quis custodiet ipsos custodes?
    https://raymii.org - https://cipherli.st
  • netomxnetomx Member

    @Raymii said: rsync daemon

    cron ;)

    Referral links: DigitalOcean referral link | Get 500MB free with Dropbox | I sell domains with Google Apps, $1 p/ user
Sign In or Register to comment.