====== Ubuntu - Backups - rdiff backup ======

<file bash rdiff-backup>
#!/bin/bash
EXCLUDES="/tmp /var/tmp /proc /sys /selinux /media /dev/shm /mnt"
OPTIONS="--exclude-device-files --print-statistics --force --ssh-no-compression"
MAXAGE="1M"

SRC="/"
DST="server2.firma.pl::/backup-zdalny/server1"

for i in $EXCLUDES; do
  OPTIONS="$OPTIONS --exclude $i"
done

rdiff-backup $OPTIONS $SRC $DST
STATUS=$?

msg=""
if [ $STATUS -eq 0 ]; then
  msg="$msg Backup OK"
  rdiff-backup --force --remove-older-than $MAXAGE $DST
  if [ $? -eq 0 ]; then
    msg="$msg Cleaning OK"
  else
    msg="$msg Failed to remove older than $MAXAGE"
  fi
else
  msg="$msg Failed to copy"
fi

echo $msg
exit $STATUS
</file>

----

===== Example usage =====

We have two systems: host1 and host2.

  * The script to launch the backup has to be on host1, which will connect to host2 by SSH and retrieves data from it.
  * Both computers must have the rdiff-backup script installed, preferably at the same version.

----

===== Create a key pair to log in via SSH =====

On the host1 (the command is performed using the root account):

<code bash>
sudo ssh-keygen -t rsa
</code>

Save files to the default location; when prompted for a password hit enter (a blank password / no password).  

----

===== Copy the public key for host2 =====

<code bash>
scp .ssh / id_rsa.pub host2:
</code>

----

===== Configure host2 =====

On host2 (command is performed using the root account)

We create (if there is no .ssh directory already) and set it appropriate permissions:

<code bash>
mkdir .ssh
chmod 700 .ssh
</code>

----

===== Put the public key of host1 in .ssh/authorized_keys =====

<code bash>
cat id_rsa.pub > .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
</code>

----

===== Edit the .ssh/authorized_keys =====

In front of the key, but in the same line we add (ssh-rsa ...):

<file bash .ssh/authorized_keys>
command="/usr/bin/rdiff-backup --server" ssh-rsa ...........
</file>

----

===== Configure SSHD =====

<file bash /etc/ssh/sshd_config>
PermitRootLogin forced-commands-only
StrictMode on
</file>

The later command enforces permissions and .ssh .ssh/authorized_keys were respectively 700 and 600.

----

===== Restart SSHD =====

<code bash>
/etc/init.d/sshd restart
</code>

----

===== On the host1, we can do test =====

<code bash>
rdiff-backup --print-statistics host2::/etc /tmp/etc2
</code>

This will perform the backup without asking for a password.