Safe method to run Rsync command to backup my server on another one?

Hi all, I'm trying to sync/backup my data from my main server to a backup server.
The tutorials/commands I watched on the internet mostly required root remote login.
I can create a new user and add it to the Nginx group, but I don't like the idea of that user having shell login.
From what I understand, Rsync uses some kind of secure shell login, so I guess I can't use the nginx user to log in to the server and back up my files from it.
I ask what is the safest way to back up my main server's files remotely without the risk of exposing its root user credentials on the backup server?

Comments

  • JabJab Member
    edited November 2023

    https://www.sakana.fr/blog/2008/05/07/securing-automated-rsync-over-ssh/

    plus /usr/bin/rrsync -ro as the command rather than pure rsync, so it has only read-only rights, and you can even limit it to a specified directory - like if you are only backing up /var/www there is no reason for it to have access to everything above :-)

    EDIT: also you don't really want to push backups to an external server (you can do it if you know what you're doing), as if you got some malware or other shit on the server it could overwrite/delete your remote backups and this would be an epic double tragedy :)

    Thanked by 1 ariq01
  • there is also sshpass where you can use a password instead of ssh keys if needed.

  • JustPfff Member
    edited November 2023

    In fact, I care that if one of the two (Server/Backup) gets malware etc., it does not affect the other (that is really bad for me too, since I'll download these backups to my laptop at the end).

    For now, I think the best solution is creating an unprivileged user, adding it to the nginx group, logging in remotely and using sshpass, as @babywhale said, in crontab.

    Thanked by 1 babywhale
  • Are you able to pull the backup from the server?

    So run rsync on your backup server instead.

  • @tjn said: Are you able to pull the backup from the server?

    OK, I just looked into it. I guess pull mode is better than using rsync with login credentials. Honestly, I didn't know about this feature before you mentioned it.
    I will do more research and try to run it on my backup server and see.
    Just asking if pull mode will work like what rsync does, e.g. not pulling already backed-up files again, and I don't care if the original file on the main server gets deleted, I want it to remain on the backup server (since it has a lot more capacity).

  • So there isn't a specific "pull" mode per se.

    It's just a different way of moving the files.

    All rsync commands basically look like:
    rsync source_files destination_files

    On your main server you can do:
    rsync myfiles/ user@backupserver:myfiles/

    This will "push" the files from main to backup, because you ran rsync on the main server.

    If you run the below on your backup server:
    rsync user@mainserver:myfiles/ backups/

    It will log in to your main server and get the files from there and bring them to the backup server.

    Thanked by 1 NetDynamics24
  • I wouldn't use rsync as is for backups, since you wouldn't have versioning to recover previous versions of files if needed. There are many tools to do backups, perhaps one of the easiest I recommend you look into is https://restic.net/

    It's extremely easy to use and battle tested.

    Thanked by 2 ariq01 0xC7
  • @vitobotta said:
    I wouldn't use rsync as is for backups, since you wouldn't have versioning to recover previous versions of files if needed. There are many tools to do backups, perhaps one of the easiest I recommend you look into is https://restic.net/

    It's extremely easy to use and battle tested.

    Yeah, I mean there are a lot of options to choose from, so it's whatever you're comfortable with using.

    @JustPfff if you're worried about people being able to do login attempts to your VPS, you could allow only the 1 IP address to be able to log in with a specific user.

    in /etc/ssh/sshd_conf you can do something like this.

    AllowUsers=user@ipv4

    hope this helps :)

    Thanked by 1 JustPfff
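
The restrictions suggested across the thread (`/usr/bin/rrsync -ro` as the forced command, limited to one directory; pulling from the backup server; allowing one IP only) combined in one added example, which is not code from any poster. The user `backup`, host `mainserver`, IP `203.0.113.10`, the key, the backup path and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Constructed values: user "backup", host "mainserver",
# IP 203.0.113.10 (backup server), /var/www, and the key below.

# Build an authorized_keys line for ~backup/.ssh/authorized_keys on the MAIN
# server: the key can only run read-only rrsync on one directory, from one IP.
#   $1 = directory to expose   $2 = backup server IP   $3 = public key line
restricted_entry() {
    printf 'command="/usr/bin/rrsync -ro %s",restrict,from="%s" %s\n' "$1" "$2" "$3"
}

# Succeed only if a key line forces rrsync -ro, sets "restrict" (no pty, no
# forwarding) and is pinned to a source address with from=.
is_restricted() {
    opts=${1%% ssh-*}   # option field = text before the key type (ssh-ed25519, ssh-rsa)
    case "$opts" in *'command="/usr/bin/rrsync -ro /'*) ;; *) return 1 ;; esac
    case ",$opts," in *,restrict,*) ;; *) return 1 ;; esac
    case "$opts" in *'from="'*) ;; *) return 1 ;; esac
}

# Print the line number of every key in an authorized_keys file that would
# still give its holder more than the read-only rsync above.
audit_keys() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        is_restricted "$line" || echo "$n"
    done < "$1"
}

KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyOnly backup@backupserver'
restricted_entry /var/www 203.0.113.10 "$KEY"

# Pull, run from cron on the BACKUP server (paths are relative to the rrsync dir):
#   rsync -a -e ssh backup@mainserver:./ /srv/backups/www/
# Only changed files are transferred, and without --delete files removed on the
# main server stay in the backup.
# Optional extra in /etc/ssh/sshd_config on the main server:
#   AllowUsers backup@203.0.113.10
# AllowUsers denies every account it does not list, so add admin users too.
```

With this layout the main server holds no credentials for the backup server, and the key stored on the backup server can only read `/var/www` through rsync.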