[oclug]scp to backup?

Gerald Oskoboiny gerald at impressive.net
Fri Nov 8 00:41:39 EST 2002 

On Wed, Nov 06, 2002 at 10:36:42PM -0500, Raj wrote:
> On Wed, 2002-11-06 at 22:07, Michael P. Soulier wrote:
> > On 06/11/02 Bob Lockie did speaketh:
> > 
> > > I'm thinking of using scp to backup the contents of a machine.
> > > Is that unreasonable?
> > 
> >     I'd say so, since scp will copy everything regardless of whether it's
> > changed or not. I recommend rsync instead. 

> You can tunnel rsync over ssh, thus getting the same security as
> (keyless) ssh and the speed of rsync. 

I back up my systems using rsync over ssh, and I'm really happy
with it. I use this script:

    http://impressive.net/people/gerald/2000/12/30/backup-devo

run from cron once a week. I back up my laptop to my desktop daily,
and my desktop (incl laptop backup) to a remote system weekly.

Here is sample output from the script (which I receive by email):

    -------------------------------------------- 2002-10-28 01:30:02 EST ---
    Backing up devo:/home/cvsroot...
    Number of files: 34940
    Number of files transferred: 2642
    Total file size: 3634451222 bytes
    Total transferred file size: 38218491 bytes
    Literal data: 34090752 bytes
    Matched data: 4127739 bytes
    File list size: 628035
    Total bytes written: 78030
    Total bytes read: 34851251

    wrote 78030 bytes  read 34851251 bytes  27449.34 bytes/sec
    total size is 3634451222  speedup is 104.05

    -------------------------------------------- 2002-10-28 01:51:16 EST ---

(as you can see above, it only took 20 mins to back up 3.6 gigs
of data from home to my server in Boston over my DSL connection,
because rsync only transmitted the 38 megs of stuff that changed :)

In my script, 'isodate' is a shell script that does:

    date "+%Y-%m-%d %H:%M:%S %Z"

And $HOME/.ssh/creds contains my ssh credentials:

    mr-plow: gerald> cat .ssh/creds 
    SSH_AUTH_SOCK=/tmp/ssh-XX6pZh0e/agent.12345; export SSH_AUTH_SOCK;
    SSH_AGENT_PID=12345; export SSH_AGENT_PID;

which I update using "sh .ssh/update-creds":

    mr-plow: gerald> cat .ssh/update-creds 
    ssh-agent | grep -v ^echo > $HOME/.ssh/creds
    eval `cat $HOME/.ssh/creds`
    ssh-add

This is marginally more secure than the null passphrase method,
I think, because this only lets someone assume my identity if
they get access to my account while I have an agent running.

-- 
Gerald Oskoboiny <gerald at impressive.net>
http://impressive.net/people/gerald/

More information about the OCLUG mailing list