Adam Goryachev wrote at about 01:40:31 +1000 on Thursday, April 28, 2011: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 28/04/11 01:11, Michael Stowe wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> I've got a number of random people's home PC's that I backup (friends > >> and relatives etc), and I'm wondering what methods people use to handle > >> this sort of environment. > >> > >> My latest method is to use the following components: > >> 1) dynamic DNS to find them > >> 2) static IP on the machine > >> 3) static port forwarding on their home modem/router > >> 4) install and configure cygwin SSH and rsync (not rsyncd) > >> > >> This method works pretty well for backing up non-open files (ie, the > >> users real documents/etc). > > > > Your step #4 I don't do, instead, I just copy a directory and use the open > > file backup method outlined here: > > > > http://www.goodjobsucking.com/?p=62 > > The first problem I see with this is that it requires the windows box to > be completely visible on the public IP... or at least enough port > forwarding as to expose the ADMIN$ share so that winexe can connect > remotely and execute the pre-exec.cmd etc...
I agree and have been hesitant to use winexe even on a LAN. It certainly is a potential security hole. Instead, I wrote (and posted) a script that uses ssh to create shadow copies and then sets up rsyncd (which is of course also a security hole unless tunneled over ssh) However, my script has only been tested on WinXP -- it requires some (minor) changes to work on Vista and Windows 7 since Microsoft's vshadow.exe has changed its interface between versions. It should, however, be simpler using Vista/Win7 since vshadow supports persistent shadow copies on those versions so you don't need to use a cmd.exe script hack to keep the shadow up and then take it down when the backup is finished. Second, you probably would want to use rsync-over-ssh rather than naked rsyncd if you are doing this over the public Internet. This would actually be significantly simpler than my rsyncd script which dynamically rewrites the rsyncd.conf and automatically starts/stops the rsyncd service (Note: I wrote the script to use rsyncd for several reasons. Most importantly, at the time cygwin rsync was broken and BackupPC only worked on cygwin/Windows with rsyncd. Second, rsyncd is faster on slow machines since you don't need to encrypt over ssh. Third, rewriting rsyncd.conf to re-assign the rsyncd module names to the new shadow mounts allows me to make the backup process independent of what the shadow mounts are named) All that being said, I have been meaning to update my script to work with Win7 for a long time but just haven't had the spare cycles to do that... > I'd prefer to restrict the external visibility to port 22, and restrict > that to key logins only... > > I can't be responsible for exposing peoples machines to attacks by > worms/virus/hackers/script kiddies/etc... > > Certainly solves some of the software installation and open files backup > though... > > Could that method be used over SSH? That would help the open files, but > then lead back to the same installation problem of installing SSH and > the service/etc... It should be possible to tunnel just about anything (including win.exe) over ssh if you have the ability to specify ports and if you take the time to play with it... ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ BackupPC-users mailing list [email protected] List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
