In this article I will go through the process of doing backups on your Linux based computer. In my example, I am running an Ubuntu Server and will be backing up the data to a Windows Server 2008 R2 machine. This should work with any Windows based computer as the backup target. Let’s get started.

1. The first thing I am going to do is change to my home directory and create a Backups and Scripts folder under my Documents.

cd ~/Documents/
mkdir Backups
mkdir Scripts

Backups-Scripts-Directories

The backup directory is what I am going to be using for my backups while the scripts directory will hold my shell backup script.

2. I created the following script that will backup the data that I need from my server:

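#!/bin/bash
#Shell Backup Script
#Author Glenn
#1.0 1-27-13

# Archive name includes today's date (mm-dd-yy)
FILENAME="backup-$(date +%m-%d-%y).tar.gz"
# Space-separated list of directories and globs to back up
SRCLOCS="/var/www /var/log/apache2 /var/log/my* /var/log/fail* /var/log/syslog* /var/log/mail*"
DESLOC="/home/glenn/Documents/Backups"
USERNAME="glenn"
DESHOST="yourpc.contoso.com"
# sftp batch file, written to the same absolute path that sftp -b reads
BATCHFILE="/home/glenn/Documents/Scripts/commands.txt"

# $SRCLOCS is left unquoted on purpose so the shell splits the list and expands the globs
tar -cvpzf "$DESLOC/$FILENAME" $SRCLOCS
echo "put $DESLOC/$FILENAME" > "$BATCHFILE"
# "batchmode no" lets ssh prompt for the key passphrase even though -b is used
sftp -o "batchmode no" -b "$BATCHFILE" "$USERNAME@$DESHOST"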

I am using SFTP to transport the data as it is secure and will not transmit my username or password in clear text. I also don’t have to worry about other people getting access to my files in transit since it uses a private and safe data stream. You can modify the script to include other directories that you need to back up by modifying the “SRCLOCS” variable. The “DESLOC” variable holds the directory where the archive with our data will be stored. For “DESHOST” I am using the hostname of my PC, which is serviced by DynDNS as my server is behind a residential connection and does not have a static IP address. The parameters for the tar command that I am using are listed below for your reference:

  • c – create a new backup archive.
  • v – verbose mode, tar will print what it’s doing to the screen.
  • p – preserves the permissions of the files put in the archive for restoration later.
  • z – compress the backup file with ‘gzip’ to make it smaller.
  • f <filename> – specifies where to store the backup, backup.tar.gz is the filename used in this example. It will be stored in the current working directory, the one you set when you used the cd command.

You can copy and paste the script to an empty document on your Linux server and save it with a .sh extension so that it knows that it is a shell script. Alternatively, you can download the file from here. We will use the script later on.

3. On the Windows computer that you are using to store the backups you must first modify the firewall settings to allow inbound connections on port 22. Port 22 is the default port that is used by SFTP.

Head over to Start and search for Windows Firewall with Advanced Security by typing the following:

wf.msc

This will open the Windows Firewall management console.

windows-firewall-1

Head over to the inbound rules on the left hand side and right-click then choose “New Rule…”:

windows-firewall-2

In the “New Inbound Rule” wizard window, follow the steps for creating an inbound rule for port 22:

windows-firewall-3

windows-firewall-4

windows-firewall-5

windows-firewall-6

windows-firewall-7

We are all set. The next thing that I like to do for better security is modify the scope options on our new rule and only allow our Linux server to have this exception applied to it. This will block other people from accessing our backup server via that port.

windows-firewall-8

If you are behind a router at home that is configured to do Network Address Translation then you must also configure port forwarding so that if you want to reach your server from the outside on port 22 the request will go to the correct computer. The following website has great documentation on setting up port forwarding for your specific router:

http://portforward.com/

4. On our Windows machine we are going to need a daemon or server that is listening for requests on port 22 so that we are able to SFTP our files from our Linux server over to our Windows backup server. I could not find a native SFTP role or Windows feature for Windows Server and opted to use freeSSHd, which was recommended by many. You can download freeSSHd from this website:

http://www.freesshd.com/

Go through the setup process, which should be fairly straightforward.

FreeSSHD-1

FreeSSHD-2

FreeSSHD-3

FreeSSHD-4

FreeSSHD-5

FreeSSHD-6

FreeSSHD-7

FreeSSHD-8

Windows Firewall will show a warning about blocking certain features of the program. Go ahead and hit “Allow access”.

FreeSSHD-9

Open up the program and head over to the server status tab. Verify that the SSH server is up and running.

FreeSSHD-10

On the SSH tab I went ahead and checked the “Start SSH server on free SSHd startup” option.

FreeSSHD-11

Under the authentication tab I “Disabled” password authentication since we are not going to be using that, and checked the “Allowed” option for public key authentication since we will be using keys instead, which are more secure :D.

FreeSSHD-12

In the SFTP tab select the folder location where you want all the files to be saved to.

FreeSSHD-13

Lastly head over to the users tab and create a new user and make sure that for the Authorization drop down you select “Public key (SSH only)” and give the user SFTP rights.

FreeSSHD-14

5. Now that we have configured FreeSSHD the next step is to generate our public and private keys that we will use for authentication. The program of choice for this purpose is PuTTYgen and you can grab that here.

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Let’s go ahead and generate our keys by opening the program and selecting the following options:

Putty-1

Note: You can change the number of bits in the generated key but I wouldn’t personally recommend anything below 1024. 1024 is considered to provide adequate security while anything higher will give you more at the expense of decreased performance. Hit generate once you have chosen your settings.

Putty-2

Putty-3

Go ahead and protect your key with a passphrase. Make sure that you store this passphrase in a secret location. I personally have been using Keepass for storing things of this nature for years.

Putty-4

Once you have typed your passphrase go to the “Conversions” menu at the top and select “Export OpenSSH key”. Save the private key with a title of “id_rsa” to a location on your computer. You will need to transfer this key to your Linux server later on.

Putty-5

Copy the public key that is shown in the main window over to a blank text document.

Putty-6

Putty-7

This text document must then be saved over to the FreeSSHD directory that you specified during install. The name of the text document must match the name of the user account that you created. In my case the document is called “glenn.txt”. Make sure that you enable the viewing of extensions for well-known file types in Windows and get rid of the .txt extension at the end of the document.

Before with .txt extension:

FreeSSHD-Directory1

After without .txt extension:

FreeSSHD-Directory2

6. The next thing that you want to do is to copy the private key over to your server. Put the private key in the “.ssh” directory on your Linux server.

Ubuntu-Server1

I used WinSCP to copy the file over into my .ssh directory.

WinSCP1

WinSCP2

7. Let’s go ahead and try to SFTP over to our backup server from our Ubuntu machine. Type the following command to do so:

sftp username@yourpc.contoso.com

Ubuntu-Server2

Looks like I forgot to fix the permissions on the private key that we just transferred over. Let’s go ahead and do that now:

Ubuntu-Server3

Ubuntu-Server4
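An added example, not the author's own commands, of the permission fix this step refers to: ssh ignores a private key file that is accessible by group or other, so the key is restricted to its owner and the .ssh directory is tightened to the recommended owner-only mode. It assumes GNU stat as shipped with Ubuntu; `is_private` and `secure_key` are names chosen for this example.

```shell
#!/bin/sh
# Added example: check and repair the permissions expected on a private key.

# is_private <path>
# Succeeds only if group and other have no permission bits set on the path.
# stat -c '%a' prints the octal mode (GNU coreutils).
is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# secure_key [keyfile]
# Restricts the key to owner read/write (600) and its directory to the
# owner (700), then re-checks both. Defaults to ~/.ssh/id_rsa, the
# location used in the article.
secure_key() {
    key=${1:-$HOME/.ssh/id_rsa}
    dir=$(dirname "$key")
    [ -f "$key" ] || { echo "no such key: $key" >&2; return 1; }
    is_private "$dir" || chmod 700 "$dir"
    is_private "$key" || chmod 600 "$key"
    is_private "$dir" && is_private "$key"
}

# Usage: secure_key ~/.ssh/id_rsa && sftp username@yourpc.contoso.com
```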

Let’s try this again:

Ubuntu-Server5

Success!!! Now that we know that SFTP is working properly you can execute my script from above and backup your files. As a follow-up to this article I will later on post how to get keychain to work properly so that we can store the passphrase on our Linux server session and setup a Cron Job so that it can run automatically. I would also like to improve the script by deleting the backups from my server if they transferred over successfully. This will require some logic to be put into the script. That is it for now, thank you for taking your time to read this article. See you around next time.
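The improvement mentioned above, deleting the local archive only when the transfer succeeded, could look like the following. It is an added example, not the author's script; `make_archive`, `sftp_put` and `ship_backup` are names invented here, and the optional third argument of `ship_backup` exists only so the upload step can be swapped out for testing.

```shell
#!/bin/sh
# Added example, not the author's script. Function names are illustrative.

# make_archive <out.tar.gz> <tar args>...
# umask 077 makes the archive owner-only: it holds logs and web content.
make_archive() {
    out=$1; shift
    ( umask 077 && tar -cpzf "$out" "$@" )
}

# sftp_put <file> <user@host>
# Batch commands come from stdin ("-b -"), so no commands.txt is left behind.
# In batch mode sftp aborts and exits non-zero when the put fails.
# "batchmode no" is kept from the article so a passphrase prompt still works.
sftp_put() {
    printf 'put "%s"\n' "$1" | sftp -o "batchmode no" -b - "$2"
}

# ship_backup <archive> <user@host> [uploader]
# Deletes the local archive only after a successful upload.
# Returns 2 for a corrupt archive, 1 for a failed upload.
ship_backup() {
    gzip -t "$1" 2>/dev/null || { echo "corrupt archive, not sent: $1" >&2; return 2; }
    if "${3:-sftp_put}" "$1" "$2"; then
        rm -f -- "$1"
    else
        echo "upload failed, keeping $1" >&2
        return 1
    fi
}

# Usage with the article's values:
#   f=/home/glenn/Documents/Backups/backup-$(date +%m-%d-%y).tar.gz
#   make_archive "$f" /var/www /var/log/apache2 && ship_backup "$f" glenn@yourpc.contoso.com
```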
