Finally managed to get the netbook onto my rsnapshot backup scheme. As I talked about in this post, there are issues trying to back up machines with rsnapshot that use WOL or are wireless netbooks that are sometimes on and sometimes not.

So, I wrote a script that constantly polls for a machine and backs it up if it is on the network (detailed in the linked post above).

But now... a new challenge. This netbook runs Windows... and it is wireless so WOL is not really an option... AND... it is XP Home Edition, so the Samba sharing is not really what I would like. This means I need an rsync server on the Windows netbook.

Downloaded and installed cwrsync server. Read through the documentation and this by itself just looks like a gigantic security hole, especially for a travelling netbook. So, I also installed copssh, an ssh server for Windows, and then did the following:

Step 1: Install copssh and cwrsync server
Step 2: Configure cwrsync to only allow hosts "" which is localhost
Step 3: Configure ssh keys for key based login
Step 4: Change copssh to run on non-standard ssh port
Step 5: Configure .ssh/config to specify the username and port to use when connecting
Step 6: Modify the rsnapshot script I presented in the linked post to open up an ssh tunnel before running rsnapshot, and then to kill the tunnel afterwards
Step 7: Create an rsnapshot configuration file but specify the host as "localhost" since the tunnel will provide the mechanism to the netbook

Ultimately, this seems to work pretty nicely. When I catch the netbook powered on and on the network, and it hasn't been backed up recently, I back it up through an encrypted ssh tunnel. The rsync is protected by the Windows firewall and the host blocking line. The ssh server is protected by running on a non-standard port, by having the non-standard port firewall entry in Windows restricted to the two hosts I might ssh from, and by using key-based login. Lastly, all the transmitted info is encrypted.

For those interested, here are the mods to the previous script I presented:


... previous script stuff ...

    # Probe the netbook once; a non-zero status means it is not on the network
    ping -qnc 1 some_machine > /dev/null
    if ($?) then
        # If it has been more than a couple of days, alert the admin
        if ( $time_since_last_success > $warn_secs ) then
            echo "some_machine failed. Consider manual run"
            echo "some_machine failed. Consider manual run" >>/var/log/rsnapshot
        endif
        echo "some_machine not awake.  Exiting..." >> /var/log/rsnapshot
        exit 1
    else
        echo "Found some_machine... Attempting backup..." >> /var/log/rsnapshot
        cd -

        # Kill any old zombie tunnels (the pattern must match the host on the ssh line below)
        ps ax |grep "ssh" |grep "some_machine" |awk '{print $1}' |xargs -I {} kill {}

        # Establish the tunnel: local port 873 -> rsync daemon on the netbook's localhost
        ssh -f -N -L 873:localhost:873 user@some_machine

        # Run the rsnapshot job
        rsnapshot -c /etc/rsnapshot.conf.some_machine $1

        # Kill the tunnel
        ps ax |grep "ssh" |grep "some_machine" |awk '{print $1}' |xargs -I {} kill {}
    endif

... rest of script ...

Seems to be working!
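
The tunnel open/backup/close sequence from steps 5 to 7, as an added example that is not part of the original script: it is written in POSIX sh rather than csh and closes the tunnel through an OpenSSH control socket, so only that one connection is terminated instead of every process matching a grep. The names `TUNNEL_HOST`, `CTL_SOCK` and `RSNAP_CONF` and the socket path are assumptions; the host alias is expected to get its user and port from `.ssh/config`.

```shell
#!/bin/sh
# Added example: tunnel lifecycle via an OpenSSH control socket instead of ps|grep|kill.
# Assumed names: TUNNEL_HOST, CTL_SOCK, RSNAP_CONF. SSH/RSNAPSHOT can be overridden for testing.
SSH=${SSH:-ssh}
RSNAPSHOT=${RSNAPSHOT:-rsnapshot}
TUNNEL_HOST=${TUNNEL_HOST:-some_machine}   # user and port come from ~/.ssh/config (step 5)
CTL_SOCK=${CTL_SOCK:-/var/run/rsnapshot-tunnel.sock}
RSNAP_CONF=${RSNAP_CONF:-/etc/rsnapshot.conf.some_machine}

open_tunnel() {
    # -M -S: master connection addressable through CTL_SOCK
    # BatchMode: never prompt (key-based login only, suitable for cron)
    # ExitOnForwardFailure: fail if local port 873 cannot be bound
    # 127.0.0.1: keep the forwarded rsync port off other interfaces
    "$SSH" -f -N -M -S "$CTL_SOCK" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:873:localhost:873 "$TUNNEL_HOST"
}

close_tunnel() {
    # Ask exactly this master to exit; unrelated ssh sessions are untouched.
    "$SSH" -S "$CTL_SOCK" -O exit "$TUNNEL_HOST" 2>/dev/null
}

backup_via_tunnel() {
    interval=$1
    close_tunnel || true              # clear a stale tunnel from an earlier run
    if ! open_tunnel; then
        echo "tunnel to $TUNNEL_HOST failed, skipping backup" >&2
        return 2
    fi
    rc=0
    "$RSNAPSHOT" -c "$RSNAP_CONF" "$interval" || rc=$?
    close_tunnel || true              # always tear down, even if rsnapshot failed
    return "$rc"
}

# Stand-alone use: sh this_file daily
if [ $# -gt 0 ]; then
    backup_via_tunnel "$1"
fi
```

The function returns rsnapshot's own exit status, or 2 when the tunnel could not be established, so the calling script can log the failure the same way it logs an unreachable host.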
