Ubuntu – Using rsync to backup Windows Server 2008 R2 files to Ubuntu, using plink for SSH

puttyrsyncsshUbuntuwindows-server-2008

I am trying to configure rsync for backing up files on a Windows Server 2008 R2 box to a Ubuntu box. All (non-test) data must be encrypted.

I have managed to get it working using just rsync, recieving date from port 873, but I am having trouble using plink as well.

Here is my configuration:

Ubuntu

rsyncd.conf:

log file = /var/log/rsync.log
[ukwindb1backup]
   path = /home/ukwindb1/rsync
   comment = Backup
   uid = ukwindb1
   gid = ukwindb1
   use chrott = true
   read only = false
   auth users = ukwindb1
   secrets file = /etc/rsyncd.secrets

Rsync deamon has been started, and there is a "ukwindb1" account, with a SSH public key for authentication. All SSH traffic is on a different port, not 22.

The password for "ukwindb1", stored in the rsyncd.secrets file is not the same as for the Ubuntu account (though passwords are disabled for SSH login).

Windows Server

I have cygwin installed, and have managed to get rsync to work, using this batch file:

rsync.exe -qrtz --password-file=/home/Administrator/secret --delete "/cygdrive/c/Backups" ukwindb1@[removed-ip]::ukwindb1backup
pause

I also have the Putty programs installed, and want to use plink to connect to the other server, so that I can use Pageant to manage my passworded keys.

I tried this batch file, to connect to the SSH server using plink, and it worked fine:

plink -ssh -P [removed-port] -l ukwindb1 -i C:\ukwindb1.ppk [removed-ip]
pause

Now, when I tried this batch file for putting the two together, it failed:

rsync.exe -qrtz -e "plink -ssh -P [removed-port] -l ukwindb1 -i C:\ukwindb1.ppk [removed-ip]" --delete "/cygdrive/c/Backups" ukwindb1@[removed-ip]::ukwindb1backup
pause

Any ideas? What exactly am I doing wrong?

In addition:

Do I actually need the rsync daemon running?

Can I specify a directory on the server, from the client end, rather than "::ukwindb1backup"?

Best Answer

I think you can skip rsyncd and plink entirely, by rearranging your architecture a bit (which will have other benefits).

I believe that rsyncd daemon doesn't actually need to be running to do a basic rsync for backup purposes. rsync normally just connects to the other box over SSH, fires up an instance of rsync on the far side, and the two rsyncs talk to each other over ssh -- the rsyncd daemon isn't really involved. rsyncd is normally used to serve content for download by multiple clients (like a mirror server).

In this setup, I assume that the box receiving the backup (the Ubuntu box) is the more "trusted" system (from a security perspective) --- not because it's Ubuntu, but because backup servers naturally have to hold data for multiple sensitive hosts. As such, I would recommend initiating the rsync from the Ubuntu box, and setting the key trust relationship so that it's the Windows box that trusts the Ubuntu box, and not the other way around. This would mean setting up sshd under Cygwin, and locking it down (with a host-based firewall) so that only connections from your backup server are permitted.

You could then simply execute:

rsync -qrtz windowsbox:/path/to/files /path/to/ubuntu/backups

... which also demonstrates how to specify the directory on the serving side.

As the next troubleshooting step, I would drop trying to use rsyncd, temporarily leaving out key-based authentication just as you did in your earlier troubleshooting, and just try a simple rsync (of a couple of test files) using password-based authentication.

Once you get the basic sync working, you'll also want to look at rsync's --modify-window option, which will ignore the small drift in timestamps that can result from the differences in how Windows and Unix-likes handle seconds in timestamps. Otherwise, files that could otherwise be skipped will get copied over and over again.

I also strongly recommend leaving off the --delete option until after you have finished debugging and testing your solution. One typo and you can delete far more than you intended.

Related Solutions

Ssh – use PLink and Pageant with Cygwin’s ssh

I also wrote a proxy between openssh and pageant, which I call ssh-pageant. It looks like pretty much the same approach as charade, but I hadn't heard of it. Well in case you have trouble, I thought I'd throw out ssh-pageant to try instead.

Windows – Using rsync from msysgit for binary files

As of now (9/7/2017) it is extremely easy to manually add rsync support to the Git for Windows environment without even having to resort to running the Git for Windows SDK.

I stumbled across this post and didn't think it could really be that easy given all the alternatives, but it really is. All you need to do is grab the rsync package from the MSYS2 Package repository and extract the rsync.exe file into C:\Program Files\Git\usr\bin. One and done. It works.

If you need help extracting rsync.exe from the rsync package (which is in tar.xz format), you can either use a compression utility like 7zip or do it directly within the Git for Windows bash environment like so:

cd /c/downloaded_location
tar -xvf rsync.pkg.tar.xz usr/bin/rsync.exe --strip-components=2

This gives you the rsync.exe file in the downloaded location (adjust the package name accordingly). In light of Windows permissions issues I won't try to give specific commands on getting the exe into the C:\Program Files\Git\usr\bin folder. You can copy it via an explorer GUI or via an elevated command line utility (and yes, it will require admin level permissions to copy something into the Program Files folders).

If you want to also use Pageant authentication with rsync over ssh, the ssh-pageant binary is already installed in Git for Windows and all you need to do is add a small bit to your ~/.bashrc or ~/.bash_profile file (see ssh-pageant usage section and Git for Windows wiki). I've modified it specifically for use with the Git for Windows environment and enhanced it with some detection for a missing socket file:

# ssh-pageant allows use of the PuTTY authentication agent (Pageant)
SSH_PAGEANT="$(command -v ssh-pageant)"
if [ -S "$SSH_AUTH_SOCK" ]; then
  PAGEANT_SOCK=$SSH_AUTH_SOCK
else
  PAGEANT_SOCK=${TEMP:-/tmp}/.ssh-pageant-$USERNAME
fi
if [ -x "$SSH_PAGEANT" ]; then
  eval $("$SSH_PAGEANT" -qra "$PAGEANT_SOCK")
fi
unset SSH_PAGEANT
unset PAGEANT_SOCK

I can't speak to how other utilities might or might not work by manually installing them this way, but rsync appears to work just fine. Hopefully that repo will stay and continue to be updated--I'd think so because it's hosted at the official MSYS2 site.

Best Answer

Related Solutions

Ssh – use PLink and Pageant with Cygwin’s ssh

Windows – Using rsync from msysgit for binary files

Related Topic