backup remote windows server files securely

Red Squirrel

No Lifer
May 24, 2003
70,166
13,573
126
www.anyf.ca
I want to set up some kind of way to automatically back up files on a windows server (and possibly Linux) to my home machine. I'm thinking some kind of permanent SSH tunnel to the remote server from my home server. I basically need a good way to transfer files via script, and something other than ftp, as it is a complex protocol to work with, especially when SSH tunnels are involved, as it needs multiple ports and stuff. I want a single port protocol (may even make my own, can't be too hard).

Basically what I need to do is either

A: mount the remote server's drive to my local Linux server

B: mount my server's deposit directory to the remote server.

From that point it would be a copy operation or what not. Obviously I need security so this would be done through the tunnel.

What would be the easiest and best way of doing this? I'm hoping to be able to mount the windows share to linux so from linux server's point of view everything is central, if I do multiple servers. Then I can use rsync and treat the mount like a regular folder.

I *could* use ftp as well, if there's a way to mount it as a directory. Though I'm hoping to use SSH for the encryption benefits.
 

Red Squirrel

I don't have access to the server physically so I can't add a router or anything of that sort. Hoping to do it through (free) software.

Only thing I can think of is having an SSH client open all the time on the server with a tunnel to the linux box, then have some kind of single port based transfer protocol, but not sure what.

But actually being able to map a drive would be nice.
 

Netopia

Diamond Member
Oct 9, 1999
4,793
4
81
You can use rsync with cygwin. If you google "rsync cygwin", you'll find a lot of how-tos. rsync is a pretty robust utility. I've never set it up myself, but they had a 90 minute presentation on it at my local LUG, and it's got some pretty impressive features. For instance, if you have a huge file that has changed, it can examine the file, determine EXACTLY what has changed, and only transmit the chunks that are changed, rebuild and verify the files against each other. If you're dealing with huge files, I imagine that feature alone would make it worthwhile.

Joe
 

Red Squirrel

Yeah I'd be using rsync, but still need a way to map a remote folder locally other than smb. Don't think that would really work over a tunnel. Basically what I need to do is:

Home Server connects to remote server via SSH, and creates a tunnel on port NN, then maps a folder through NN protocol, then once it's mounted to the server rsync will then do the backup. Just need to know what I could use as the NN protocol. Needs to be something that can mount a folder, like smb (but not smb as I don't think a tunnel to localhost:139 would work if there's already a smb server on that box)
 

Red Squirrel

Yeah, can't really mount ftp to a folder though. I want to mount the remote directory to my local server, so then I can use rsync to treat it as a local folder. I want to be able to fully automate it.
 

Brazen

Diamond Member
Jul 14, 2000
4,259
0
0
Oh, actually, I did not realize rsync had a Windows port. If it was two linux boxes I would definitely use rsync + stunnel. Since at least one is a Windows box, and rsync and stunnel both have Windows ports, I would probably give rsync + stunnel a try on Windows, too.

By the way, you don't need to have a folder mounted to use rsync. If you install rsync on the remote PC, then you can have it listen in daemon mode and rsync on the client connects directly to the rsync daemon on the remote host. The transport protocol makes better use of bandwidth than just about any other remote transport protocol, and then security is handled by stunnel.
 

Red Squirrel

Hmmm, so rsync can act as a server? I'll have to look into that then...

Now this is just an opinion thing: let's say I want to back up multiple servers, what is the best way, having each server "push" to the central server (at my house with 1 port forwarded to my router) or have my server "pull" from each server? I'm thinking having each server push to my server is a better way.

So on the server to be backed up I'd have a script that SSHes into my home server, establishes the tunnel, then starts the transfer, then disconnects. Does that sound reasonable?

So each server will only need an SSH client installed. Right now I only manage 1 windows server online and 1 shared linux hosting account but I'm thinking of the future. If ever I got into the hosting business I'd probably set something like this up as well.
 

Netopia

You should document this as you go and make a How-To. I bet LOTS of people would have use of this.

Joe
 

Red Squirrel

Yeah I'll want to document it for sure, just for my own purposes.

I actually rethought out my process, I should have my home server pull the data from the other servers. Only thing is I'll need an rsync daemon on all of them, so this may be tricky in windows or on linux hosts I have no control over. Think my best bet may just be sftp, that way I know it's always available - even the windows version of sshd has sftp. Just need to find a way to mount FTP to a folder, or I can just do direct transfers and not worry about partial backups, though this is kinda inefficient.
 

Brazen

Here is a short HowTo for rsync and stunnel: http://www.stunnel.org/examples/rsync_mike.html

This may be personal preference, but I would think I would just keep stunnel and rsync running as a service on the remote box and then initiate all the connections from your central server. I'm not sure how good stunnel or openssh is on Windows as a service though.

I do know PuTTY works great and is reliable as an ssh client on Windows though.
 

Red Squirrel

Actually the more I look at it, the more I realize this is far from easy to do.

It does not look like it's possible to auto login to a SSH server without using public key authentication, which is complex to set up, and not always an option (ex: not self owned hosting server).
 

Brazen

Originally posted by: RedSquirrel
Actually the more I look at it, the more I realize this is far from easy to do.

It does not look like it's possible to auto login to a SSH server without using public key authentication, which is complex to set up, and not always an option (ex: not self owned hosting server).

You are wanting to do this from hosted servers? Yeah, that is probably going to limit your options then. For those you are probably going to be limited to ftp or webdav. Webdav is nice for security because it can also be encrypted with https. I think it is actually possible to mount either ftp or webdav as a folder, probably using fuse, if anything, but you could also just use a regular ftp client to download the files. Of course if you have ssh login access, then you should also be able to use scp to copy files, which I am also positive can be mounted to a folder with fuse.

I normally just use a password to log into ssh, but I did have a need for an autologin in the past and set up public key authentication for it and it really was easy. There were a lot of steps, and I didn't really understand what those steps did, but there is easy documentation out there and just follow the steps one after another and it will work.
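
Added example (not part of the thread): the unattended key-based login discussed above, with the backup key restricted on the remote host so it can only run a read-only rsync. `KEY`, `REMOTE` and the paths are hypothetical, and it assumes OpenSSH 7.2 or later on the remote side (for `restrict`) plus the `rrsync` helper script that ships with rsync.

```shell
#!/bin/sh
# Added example: unattended rsync-over-SSH pull using a locked-down key.
# KEY, REMOTE and every path below are hypothetical placeholders.
KEY="$HOME/.ssh/backup_ed25519"
REMOTE="backup@remote.example.com"

# One-time setup on the home server (empty passphrase so cron can use it):
#   ssh-keygen -t ed25519 -N '' -f "$KEY" -C backup-pull

# Build the authorized_keys line to install on the remote host.
# command= forces read-only rrsync confined to $2; restrict turns off
# port/agent/X11 forwarding and PTY allocation for this key.
restricted_key_line() {    # $1 = public key line, $2 = directory to expose
    printf 'command="rrsync -ro %s",restrict %s\n' "$2" "$1"
}

# Heuristic audit of an authorized_keys file: print each key entry whose
# options field lacks a forced command or "restrict"; return 1 if any.
audit_authorized_keys() {  # $1 = path to authorized_keys
    bad=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        case $line in
            ssh-*|ecdsa-*|sk-*) opts= ;;   # starts with key type: no options
            *) opts=${line%% ssh-*}; opts=${opts%% ecdsa-*}; opts=${opts%% sk-*} ;;
        esac
        case $opts in
            *command=\"*restrict*|*restrict*command=\"*) ;;
            *) printf 'UNRESTRICTED: %s\n' "$line"; bad=1 ;;
        esac
    done < "$1"
    return "$bad"
}

# Nightly pull, run from cron on the home server. The remote path is
# relative to the directory rrsync exposes; BatchMode fails rather than prompts.
pull_backup() {            # $1 = local destination directory
    rsync -az --delete -e "ssh -i $KEY -o BatchMode=yes" "$REMOTE:./" "$1"
}
```

The audit only recognises the `restrict` keyword, so keys locked down with the older `no-port-forwarding,no-pty,...` option list are reported as unrestricted and need a manual look.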
 

Red Squirrel

Yeah the trick with my setup is I'm trying to find a way that will be easy to add a new server, and multi platform. Like one of the servers I do have access to but it's windows, the other server is a shared host.

I was just considering things like forum attachments which don't really get backed up. The SQL side is fine (but done manually) but I was thinking of setting up some kind of rsync over ssh to do dynamic files like forum upload folders.

Guess it's probably less of a headache to just continue doing this stuff manually. I can just make a script on each host to zip up the stuff occasionally then FTP it out every now and then, which is how I'm mostly set up now.

Really, this would be a nice software to write myself... some kind of remote backup system that's multi platform and can do partial backups. Not an easy thing to code though... And even then the server part would have to be installed, requiring full server access. So not viable for shared hosting.
 

Netopia

Have you asked the people housing the shared host if the rsync daemon was present or could be loaded? There's always the possibility that they'll cooperate. Heck... they may already have it running for their own backup purposes!

If you go more the route that you outlined above, you could just make a cron job to make a file with the date concatenated as part of the filename and then have it scp'ed to your local server (I think your local server is Linux, no?). You'd want to make a new user that had almost virtually no authority, and maybe even chroot that user and make that the upload directory so that you could have the login credentials in the remote scripts and not have to worry about much damage if someone saw them.

I currently just copy all of the files for a local backup, but I used to make a tarball with the date as part of the filename. Here's the script I use to back up one of my servers locally (hard drive to hard drive) and at the bottom (commented out now) is what I used to use to make the filenames with dates so I could identify them and also not have to worry about overwriting (so I could have a number of backups in case I needed to go back a bit).

Just a thought.

Joe
 

Netopia

UGHHHH.... the "CODE" insertion SUCKS on FuseTalk!


## Mount the backup partition on second drive; stop if the mount fails
## so the copies never land on the root filesystem
mount /dev/hdc2 /temp || exit 1
sleep 10

# Create directory with day and date
BACKDATE=`date '+%A-%m-%d-%y_%I_%M%p'`
mkdir -p "/temp/cranium/$BACKDATE"

## Backup selections to temp directory on hdc2
## (-a preserve attributes, -v verbose, -u copy only newer files,
##  --parents recreate the full source path under the target)
cp -avu --parents /usr/bin "/temp/cranium/$BACKDATE"
cp -avu --parents /var/ "/temp/cranium/$BACKDATE"
cp -avu --parents /etc "/temp/cranium/$BACKDATE"
cp -avu --parents /home "/temp/cranium/$BACKDATE"
cp -avu --parents /root "/temp/cranium/$BACKDATE"
cp -avu --parents /backup-sql "/temp/cranium/$BACKDATE"

umount /temp

## Tarball/Gzip backed up directories onto partition on hdc
## Using current date and time environment variables to
## create filename
#BACKDATE=`date '+%A-%m-%d-%y_%I_%M%p'`
#cd /backup
#tar -cvzf cranium_$BACKDATE /temp/cranium/$BACKDATE
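
Added example, not part of the thread: the push variant Netopia outlines earlier, where each server builds a date-stamped archive and uploads it to a low-privilege drop account on the home server. The account name `backupdrop`, the host and all paths are hypothetical; the commented `sshd_config` fragment is one way to confine such an account using OpenSSH's `ChrootDirectory` and `internal-sftp`.

```shell
#!/bin/sh
# Added example: dated archive pushed to a confined, upload-only account.
# DROP_HOST, the account name and all paths are hypothetical.
DROP_HOST="backupdrop@home.example.net"

# Home server side, in /etc/ssh/sshd_config, so that credentials found in
# a remote script give SFTP inside the chroot and nothing else:
#   Match User backupdrop
#       ChrootDirectory /srv/backupdrop
#       ForceCommand internal-sftp
#       AllowTcpForwarding no
#       X11Forwarding no
# /srv/backupdrop must be owned by root and not group/world-writable;
# uploads go into a subdirectory ("incoming") owned by backupdrop.

# Create HOST_YYYY-MM-DD_HHMM.tar.gz from $1 inside $2, write a SHA-256
# file next to it, and print the archive path.
make_dated_archive() {     # $1 = source dir, $2 = output dir
    name="$(uname -n)_$(date '+%Y-%m-%d_%H%M').tar.gz"
    (
        umask 077          # archive readable by its owner only
        tar -czf "$2/$name" -C "$1" . &&
        cd "$2" && sha256sum "$name" > "$name.sha256"
    ) || return 1
    printf '%s\n' "$2/$name"
}

# Upload with sftp reading its batch from stdin; an account forced to
# internal-sftp cannot serve the legacy scp protocol. BatchMode makes
# the job fail instead of waiting at a password prompt.
push_archive() {           # $1 = archive path
    printf 'put %s incoming/\nput %s.sha256 incoming/\n' "$1" "$1" |
        sftp -b - -o BatchMode=yes "$DROP_HOST"
}
```

On the receiving side, `sha256sum -c` against the uploaded `.sha256` file confirms the archive arrived intact before older backups are rotated out.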