SSH backup to other VPS

netomx Moderator, Veteran
edited June 2012 in General

I want to tar a backup to other server (because of space); is it OK?

ssh [email protected] "tar cz /var/www/html" > backup.gz

thx

Comments

  • BluBoy Member

    If this is going to be a regular backup, using rsync over SSH seems like a much better solution?

    I use this as a quick and dirty hack on a few VPS: https://www.thriftydevil.com.au/technology/secure-backups-with-rsync-and-ssh

  • raindog308 Administrator, Veteran

    Or you could use rsync over, well, rsync :-)

  • netomx Moderator, Veteran

    and how to tar it?

  • @netomx said: and how to tar it?

    With tar of course.

    Using rsync will minimize the amount of data that has to be transferred from the source server. Then build redundancy on the backup server using tar, or one of several applications designed for the job.

  • netomx Moderator, Veteran

    @sleddog said: With tar of course.

    I was referring to, tar the destination delete it... and the rsync again?

  • @netomx said: tar the destination delete it... and the rsync again?

    Sorry you lost me...

  • netomx Moderator, Veteran

    @sleddog said: Sorry you lost me...

    if you rsync, you'll create a folder on your destination, right?

    I'm on the destination VPS, and I want it to tar it (or encrypt it). If I tar it, the rsync folder will not be encrypted, so I need to delete it. And then? If I rsync again, will rsync ALL the files again...

  • @netomx said: If I tar it, the rsync folder will not be encrypted, so I need to delete it. And then? If I rsync again, will rsync ALL the files again...

    Yes that's true. Why do you want to encrypt the backup of your website?

  • netomx Moderator, Veteran

    @sleddog said: your website?

    because it will store mysql backups too, and they are from clients...

  • BluBoy Member

    OK, from my understanding you have two options...
    1) Tar + Compress (+ Encrypt?) the folder on the source VPS and then copy that file to your destination.
    2) rsync the source folder to your destination. Tar + Compress (+Encrypt?) it there.

    If you do option #1, every time you copy the backup.tar.gz file it will need to copy the entire thing each time.
    EG. in your backup folder you will have:
    27062012.BACKUP.tar.gz
    28062012.BACKUP.tar.gz
    29062012.BACKUP.tar.gz
    30062012.BACKUP.tar.gz
    ... etc

    If you do option #2, it will only send files that have been updated. You should then tar and compress this into daily/weekly/monthly backups.
    EG. in your backup folder you will have:
    source/index.php
    source/favicon.ico
    source/...etc
    backup/27062012.BACKUP.tar.gz
    backup/28062012.BACKUP.tar.gz
    backup/29062012.BACKUP.tar.gz
    backup/30062012.BACKUP.tar.gz
    backup/...etc

    Option #1 will save you some CPU cycles on both machines when the backup is run.
    Option #2 will save you significant amount of bandwidth when the backup is run.

  • netomx Moderator, Veteran

    @BluBoy said: destination. Tar + Compress (+Encrypt?) it there.

    Ok, compress.. then what will happen with that folder? =P

    the only thing possible is with Truecrypt; I'm waiting for Damian to enable fuse module

  • @netomx said: because it will store mysql backups too, and they are from clients...

    Is the backup server somehow less secure than the live server?

  • netomx Moderator, Veteran

    @sleddog - nope, it is just a fancy thing :(

  • dannix Member

    If you need encrypted backups try duply and duplicity

    Thanked by 1: djvdorp
  • netomx Moderator, Veteran

    @dannix said: duply and duplicity

    will check this, thanks

  • raindog308 Administrator, Veteran

    What do you do when someone breaks into your primary server and now has the encryption keys and ssh keys to delete your backups on the backup server?

    push-based backups are inherently dangerous because all information needed to nuke them is kept on the server doing the push. There are some exceptions (e.g., tarsnap uses delegated authority, but it's likely too expensive for this case) but I personally prefer pull-based backups.

    Thanked by 1: jcaleb
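
One way to narrow the risk raindog308 describes while still pushing, as an added example that is not from the thread: bind the pushing key to a forced command on the backup server that can only create new archive files. The script path, the storage directory and the `receive_backup` name are assumptions; `command=` and `restrict` are standard OpenSSH `authorized_keys` options.

```shell
#!/bin/sh
# Added example (not from the thread): write-only receiver for pushed backups.
# It runs on the backup server as the forced command of the pushing host's key.
# Assumed authorized_keys line (path and key material are placeholders):
#   command="/usr/local/bin/receive-backup",restrict ssh-ed25519 AAAA...placeholder primary-push
# The primary then pushes with:  tar cz /var/www/html | ssh backup@backuphost
# sshd runs this script whatever command the client asks for, so a stolen key
# cannot open a shell, list, read, overwrite or delete existing archives.

# receive_backup DIR [STAMP]
#   DIR   - storage directory, fixed on the server side
#   STAMP - optional file stamp, set by the server only (used here for testing)
receive_backup() {
    dir=$1
    stamp=${2:-$(date "+%d%m%Y-%H%M%S")}
    dest="$dir/$stamp.BACKUP.tar.gz"

    # The command requested by the client is logged and never executed.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        echo "ignoring requested command: $SSH_ORIGINAL_COMMAND" >&2
    fi

    # Subshell keeps umask and noclobber local. With noclobber (set -C) the
    # redirection fails instead of truncating a file that already exists.
    ( umask 077; set -C; cat > "$dest" ) 2>/dev/null || {
        echo "refused: $dest exists or cannot be created" >&2
        return 1
    }
    chmod 400 "$dest"
    echo "stored $dest"
}

# As the installed forced command, the script would end with a fixed call:
#   receive_backup /srv/backups/primary
```

This limits deletion and overwrite through the pushed key only; a compromised primary can still fill the disk with new archives, so quota and retention on the backup server remain necessary.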
  • PAD Member

    Yeah MainServer pushing backups to BackupServer is always going to be insecure, there is no benefit of encrypting. Using pull based backups is the way to go. Like @raindog308 said.

  • jcaleb Member

    i push from primary server to a backup server. all backup of backup server pull from backup server.

  • PAD Member

    @jcaleb, risky, shouldn't be done on production servers hosting customers of any type.

  • jcaleb Member

    i will consider. thanks!

  • dannix Member

    If you don't care if somebody can read your backups on a backup server, then the easiest solution is to run something like rsnapshot/rdiff-backup on the backup server and pull the data from different locations. In such case, if one of your machines will be compromised, your backup remains safe.

    However, if you can't trust your backup provider, or you take into account, that your backup server could be compromised as well, and someone will have access to all your backups, what do you do?
    Encrypted backup allows you to store your important files on an untrusted backup server. Even if someone will gain access to your backup server, the files there are quite useless for him.
    As you said the disadvantage of the push backup is however, the possibility of the backup destruction by an attacker.

    To prevent this, one could combine both techniques: use push encrypted backups, for the data security on the backup server, and use second backup server which pulls encrypted backups from the first backup server. In that way you will not lose your backup just because one of the client machines has been compromised.

  • Raymii Member
    edited June 2012

    This is the script I use to pull backups. It saves space because of rsync's hardlink feature. It can be more efficient, but it was coded quick. You do need to have passwordless ssh keys set up.

    #!/bin/sh
    # Script to back up via rsync and ssh, keeping an incremental backup archive
    # through rsync's built-in hard-link function (--link-dest).

    # First define the variables
    BACKUPDIR="$HOME/backup/"
    PROJECT1="raymiiorg"
    PROJECT2="sparklingnetworknl"
    PROJECT3="irixosnl"
    date=`date "+%d-%b-%Y_%H.%M.%S"`


    # This creates the folders (one "current" per project)
    mkdir -p "${BACKUPDIR}/$PROJECT1/current/"
    mkdir -p "${BACKUPDIR}/$PROJECT2/current/"
    mkdir -p "${BACKUPDIR}/$PROJECT3/current/"

    # project1: pull a new snapshot, hard-linking unchanged files against "current",
    # then point "current" at the new snapshot
    rsync -aP --link-dest="$BACKUPDIR/$PROJECT1/current" -e 'ssh -p 7779' raymii.org:/var/www/ "$BACKUPDIR/$PROJECT1/back-$date"
    rm -rf "$BACKUPDIR/$PROJECT1/current"
    ln -s "$BACKUPDIR/$PROJECT1/back-$date" "$BACKUPDIR/$PROJECT1/current"

    # project2
    rsync -aP --link-dest="$BACKUPDIR/$PROJECT2/current" -e 'ssh -p 7779' sparklingnetwork.nl:/var/www/ "$BACKUPDIR/$PROJECT2/back-$date"
    rm -rf "$BACKUPDIR/$PROJECT2/current"
    ln -s "$BACKUPDIR/$PROJECT2/back-$date" "$BACKUPDIR/$PROJECT2/current"

    # project3
    rsync -aP --link-dest="$BACKUPDIR/$PROJECT3/current" -e 'ssh -p 7779' irixos.nl:/srv/httpd/ "$BACKUPDIR/$PROJECT3/back-$date"
    rm -rf "$BACKUPDIR/$PROJECT3/current"
    ln -s "$BACKUPDIR/$PROJECT3/back-$date" "$BACKUPDIR/$PROJECT3/current"
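
A generalisation of the pull script above, added here as an example and not part of Raymii's post: a `snapshot` function (hypothetical name) that takes source and destination as arguments and repoints `current` only after rsync exits successfully, so an interrupted pull is never used as the next `--link-dest` base. The `.partial` suffix is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. snapshot() and the .partial suffix are
# assumed names. Usage: snapshot SRC DESTROOT [extra rsync options...]
#   e.g. snapshot host:/var/www/ "$HOME/backup/site" -e 'ssh -p 7779'
snapshot() {
    src=$1; root=$2; shift 2
    mkdir -p "$root" || return 1
    root=$(cd "$root" && pwd) || return 1      # absolute path for --link-dest
    stamp=$(date "+%d-%b-%Y_%H.%M.%S")
    new="$root/back-$stamp"
    [ -e "$new" ] && { echo "snapshot $new already exists" >&2; return 1; }

    # Files unchanged since the last good snapshot become hard links to it,
    # so each snapshot looks complete but only changed files use new space.
    if [ -d "$root/current/" ]; then
        set -- "$@" "--link-dest=$root/current/"
    fi

    if rsync -a "$@" "$src" "$new.partial/"; then
        # Publish the finished snapshot, then repoint the symlink at it.
        mv "$new.partial" "$new" && ln -sfn "back-$stamp" "$root/current"
    else
        # A failed or interrupted pull is discarded; "current" is untouched.
        rm -rf "$new.partial"
        return 1
    fi
}
```

Run it from cron on the backup server once per source; older `back-*` directories can be deleted independently because every snapshot holds its own hard links.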
    
  • netomx Moderator, Veteran

    thank you, i will stick with rsync

  • jcaleb Member

    rsync is pull based?

  • Kairus Member

    @dannix said: However, if you can't trust your backup provider, or you take into account, that your backup server could be compromised as well, and someone will have access to all your backups, what do you do?

    Seems like a problem that should be dealt with first. Should trust your backup provider just as much as your primary provider.

  • Raymii Member

    @jcaleb said: rsync is pull based?

    Rsync can go both ways. My script posted above pulls, but it can also push.

    Thanked by 1: jcaleb
  • Oliver Member, Host Rep

    @jcaleb rsync can push or pull or IIRC can transfer between two remote hosts as well.

    Thanked by 2: jcaleb, netomx
  • Raymii Member

    If you set up an rsync daemon you don't even need ssh on the machine(s)

  • netomx Moderator, Veteran

    @Raymii said: rsync daemon

    cron ;)
