Dirvish backup through ssh tunnel
For some time now I have been trying to switch to Dirvish (from rdiff-backup) mostly because you can use a limit bandwidth which is a very important factor for me. The following is an example of configuring dirvish to use a ssh tunnel to backup through.
I assume you have created a master config file /etc/dirvish/master.conf
. Lets jump right into configuring a vault /dirvish/default.conf
:
client: root@localhost
tree: /
xdev: 0
index: gzip
image-default: %Y%m%d
exclude:
var/cache/apt/archives
var/cache/man
tmp
var/tmp
Note: xdev needs to be 0, not false, no, off or anything like it. (I was tricked by this because the dirvish for Debian guide uses the value true for xdev which AFAIK is wrong.
All this until now is standard dirvish stuff. Now comes the tunnel part:
pre-server: ssh -f -L 20014:rivendell:22 root@fw.emcken.dk sleep 14400
rsh: ssh -o HostKeyAlias=1114 -p 20014
pre-server
is a command to run before the backup starts. The command above will create a ssh tunnel through fw.emcken.dk to rivendell on port 20014 and go into the background. The sleep 14400
keeps the tunnel open for 4 hours when idle. Don’t worry!… your backup won’t be terminated if it is still in progress after 4 hours. The tunnel will be kept open for as long as the runnel is in use. The remote execution is just an ugly hack to ensure that the tunnel is automatically closed after use.
rsh
is the important stuff. The -o HostKeyAlias=1114
makes us able to connect to localhost without being told that someone might be trying to do a ‘man-in-the-middle attack’ and refuse to connect to the tunnel. But to use HostKeyAlias we need to specify this in /root/.ssh/config
more on this further down. -p 20014
specifies the port we want to connect to.
The following might be useful when making backups over the internet:
zxfer: true
speed-limit: 90
zxfer
compress all data transmitted and speed-limit
limits the bandwidth that dirvish will use.
Now to complete the setup the machine being backed up is defined in /root/.ssh/config
:
Host rivendell
Port 20014
HostKeyAlias 1114
This is placed in root’s home dir because (on my system) root (cron) runs my backups. It is possible to create a separate user for it but I didn’t think it nessesary.
Now when you have copied your public ssh key to the machine that is going to be backed up, you are all set.
Dirvish backup through ssh tunnel
© 2005 by Jacob Emcken is licensed under CC BY-SA 4.0