[BackupPC-users] WORKAROUND: Hang when using rsync over ssh to backup Windows 2003 files

2008-02-19 Thread hot java
PROBLEM: Backup Hangs when using BackupPC / rsync over ssh to a Windows 2003
server.

WORKAROUND SUMMARY: Backup a Windows 2003 server by using BackupPC's
Pre and Post commands to establish a forwarding ssh tunnel and a locally
bound Windows rsyncd service.  I know what you are thinking - I don't want
to load rsyncd as a service because this creates another security issue.
Wait,  we are going to BIND the rsyncd service to 127.0.0.1 and then connect
to it via the forwarding tunnel! Awesome.   Performing a backup using this
method will seem weird because you'll be issuing an rsync command on your
BackupPC server against localhost,  127.0.0.1::module, which is forwarded
over to the Windows 2003 server where it then connects to the rsync service
on 127.0.0.1:873.  Believe me - it works.  I've been using this method for
over a month now without any problems.



HOWTO:



How to backup a Windows 2003 server using BackupPC, rsyncd, and a forwarding
ssh tunnel.  The goal was to develop a secure backup method that actually
works.  Rsync over ssh from Linux to Windows fails (for me).  So, we
developed a secure method that meshes nicely with BackupPC and rsyncd.
Caution: these are my personal notes, following them may crash your system
and result in data loss.


FAILURE: Linux --rsync/ssh-- Windows 2003(sshd):
We spent about a week trying to resolve problems backing up a Windows 2003
server from Linux using rsync over ssh.  Almost all of our attempts at
getting a clean backup of Windows 2003 server from a Linux server using
rsync over ssh failed miserably - the backup would simply hang on certain
files.  This problem persisted even when we replaced the original Windows
source files with a Volume Shadow Copy - ouch!

SUCCESS: Linux ==rsync (modules)/ssh== Windows 2003(sshd/rsyncd)
All of our tests using module-based rsync from Linux to Windows 2003 rsyncd
services worked perfectly.  So, we developed a simple workaround to secure
rsyncd connections through a forwarding ssh connection.  To do this, we bind
rsyncd to localhost on a Windows 2003 server and then connect to this service
from our Linux backup server through a forwarding SSH tunnel.


---
ESTABLISHING RSYNCD (localhost) AND SSHd ON WINDOWS 2003 SERVER:
* Install cygwin, be sure to include cygrunsrv, openssh and rsync.
* Follow one of the many online guides for setting up cygwin's sshd
(reference: http://pigtail.net/LRP/printsrv/cygwin-sshd.html)

To setup rsync as service in Windows 2003 do the following:
(reference: http://www.gaztronics.net/rsync.php)

Start cygwin:
% vi /etc/rsyncd.conf

use chroot = false
strict modes = false

[backupwww]
   path = /cygdrive/c/webserver
   read only = false
   list = true
   comment = BACKUP

ESTABLISH CYGWIN AS A SERVICE
% cygrunsrv -I Rsyncd -p /cygdrive/c/cygwin/bin/rsync.exe \
    -a "--config=/cygdrive/c/cygwin/etc/rsyncd.conf --daemon --no-detach --address=127.0.0.1" \
    -f "Rsyncd daemon service on localhost" -u Administrator


*** IMPORTANT: BE SURE TO USE --address=127.0.0.1 ***


START SERVICE:
% cygrunsrv --list
% cygrunsrv --start sshd
% cygrunsrv --start Rsyncd

Now, we are ready to test our new services.

TESTING: ESTABLISH THE FORWARDING TUNNEL:
TESTING: On your Linux backup server issue this command:

TESTING: linux% ssh -L 1500:127.0.0.1:873 -l user myserver.my.domain

TESTING: This command will establish a tunnel to myserver where new
connections to the local linux port on 1500 are forwarded over to the remote
side and actually connect to 127.0.0.1:873.  That is to say, local
connections to 127.0.0.1:1500 are: (a) FORWARDED through the tunnel and (b)
connected to 127.0.0.1:873 on the remote side.

TESTING: Now that we have this incredibly useful tunnel in place, all we
need to do is run rsync against the localhost:1500 to actually backup the
remote side.

TESTING: Here is an example of the rsync command:

TESTING: linux% rsync -av --port 1500 127.0.0.1::backupwww /home/backups

TESTING: In this example, backupwww is the name of your Windows 2003 rsyncd
module.  Obviously, /home/backups is the destination on your backup server
where you want to store these test backups.
---

If everything works, you are ready to configure BackupPC.

== BACKUPPC ==

BACKUPPC: BackupPC (rsyncd method) --ssh tunnel-- Windows 2003 Server (sshd/rsyncd)
LINUX: Install BackupPC
LINUX: Setup ssh keys such that user backuppc can ssh over to your Windows
2003 server without supplying a password
(reference: http://backuppc.sourceforge.net/faq/ssh.html)

Pick an alias for your Windows 2003 server to be used by BackupPC.  Any name
will do - we'll map this alias to 127.0.0.1 later with ClientNameAlias.
For this example, I selected securewww1 as an alias for our Windows 2003
server.

linux% vi /BackupPC/conf/hosts
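
Added example, not part of the original post: a check that the rsyncd listener (port 873 on the Windows side) or the forwarded port (1500 on the Linux side) is bound to loopback only, which is the property the --address=127.0.0.1 step depends on.  The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `netstat -an` (Windows/cygwin) or `netstat -tln` (Linux) output on stdin.
#   Windows side:  netstat -an  | check_loopback_only 873
#   Linux side:    netstat -tln | check_loopback_only 1500
# Exit status: 0 = loopback only, 1 = also bound elsewhere, 2 = no listener.
check_loopback_only() {
    port=$1
    awk -v port="$port" '
        # Only listening sockets matter (Windows prints LISTENING, Linux LISTEN).
        /LISTEN/ {
            suffix = ":" port
            for (i = 1; i <= NF; i++) {
                n = length($i) - length(suffix)
                # First field ending in ":<port>" is the local address.
                if (n > 0 && substr($i, n + 1) == suffix) {
                    addr = substr($i, 1, n)
                    found = 1
                    if (addr !~ /^127\./ && addr != "::1" && addr != "[::1]") {
                        exposed = 1
                        print "exposed listener: " $i > "/dev/stderr"
                    }
                    break
                }
            }
        }
        END {
            if (!found) exit 2
            exit exposed ? 1 : 0
        }
    '
}

# Constructed sample input in Windows `netstat -an` format (not captured output).
SAMPLE_GOOD='  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:873          0.0.0.0:0              LISTENING'
SAMPLE_BAD='  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:873            0.0.0.0:0              LISTENING'

# Prints OK / EXPOSED / NOT-LISTENING for netstat text $1 and port $2.
classify() {
    rc=0
    printf '%s\n' "$1" | check_loopback_only "$2" 2>/dev/null || rc=$?
    case $rc in 0) echo OK ;; 1) echo EXPOSED ;; *) echo NOT-LISTENING ;; esac
}

classify "$SAMPLE_GOOD" 873   # rsyncd started with --address=127.0.0.1
classify "$SAMPLE_BAD" 873    # rsyncd started without --address
```
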
 

Re: [BackupPC-users] WORKAROUND: Hang when using rsync over ssh to backup Windows 2003 files

2008-02-19 Thread dan
This is a great piece of knowledge, I encourage you to put this on the wiki.

Also note that this can be done in reverse to have the remote machine create
the tunnel and issue a command over ssh 'BackupPC_servermsg or
BackupPC_dump' allowing remote clients to backup on their own schedule
without the backuppc server having any knowledge of their remote IP address.

This is also a great way to secure your rsync traffic as the rsyncd server
in cygwin does not listen to any network IP address, only 127.0.0.1

very nice.

On Feb 11, 2008 4:07 PM, hot java [EMAIL PROTECTED] wrote:
