Posted by martijnvanb on Thu 27 Mar 2008 at 10:07
This HOWTO will describe how to install BackupPC and how to create a simple backup using backuppc. BackupPC can offer a nice solution for both simple and complex backups.
I will describe how to backup one client with rsync and ssh with key-based authentication. We will create a special user which uses sudo powers to read the whole filesystem.
By using a combination of rsync/ssh and BackupPC we will create a fast secure and reliable backup system.Some information about the computers I used
Both machines have Debian Lenny installed, but I think most flavours will do.
One machine is called aikido with ip address 192.168.1.1 we will use this machine to install the BackupPC server upon.
The other machine is called hapkido, we will use this as a backup client, this machine has ip address 192.168.1.2. On this client we will need to place our public key and create a special user.
Both names are resolvable in my own DNS, if you can't resolve your own hostnames, you can add them to your /etc/hosts file or use IP adresses.
We are going to install BackupPC with the following command:
aikido:~# aptitude install backuppc
You will have to answer some question, one about which webserver you will use, most likely this will be apache or apache2. Backuppc will create a default user "backuppc" with a random password write it down, you will need it later!Changing the backuppc password
If you forget the password or you want a other password you can change it with:
aikido:~# htpasswd /etc/backuppc/htpasswd backuppc New password: Re-type new password: Updating password for user backuppc
We need to create a ssh-key pair for the backuppc user which we will use to connect to our client.
We will create a key pair without a passphrase.
aikido:~# su - backuppc backuppc@aikido:~$ ssh-keygen -t rsa -C "backuppc" Generating public/private rsa key pair. Enter file in which to save the key (/var/lib/backuppc/.ssh/id_rsa): Created directory '/var/lib/backuppc/.ssh'. Enter passphrase (empty for no passphrase): Leave this empty! Enter same passphrase again: Leave this empty! Your identification has been saved in /var/lib/backuppc/.ssh/id_rsa. Your public key has been saved in /var/lib/backuppc/.ssh/id_rsa.pub. The key fingerprint is: 96:6e:b0:ee:09:06:e9:82:e4:f9:68:21:06:f3:85:a5 backuppc@aikido
The server is now setup.
Now we will need to install rsync (and sudo if it wasn't installed):
hapkido:~# aptitude install sudo rsync
We will also need to add a special user with rsync super powers.
First we will add the user backuppc:
hapkido:~# adduser backuppc
Lets give backkuppc some superpowers!
hapkido:~# echo "backuppc ALL=NOPASSWD: /usr/bin/rsync" >> /etc/sudoers
This will add a line to the sudoers file which will allow the user backuppc to run rsync with root privileges without entering a password, this is needed for a full backup.
Back to the server
We need to copy the public key to the client hapkido.
backuppc@aikido:~$ ssh-copy-id backuppc@hapkido The authenticity of host 'hapkido (192.168.1.2)' can't be established. RSA key fingerprint is 15:c0:63:cf:af:74:c4:23:a6:f5:b4:80:ce:3b:0f:30. Are you sure you want to continue connecting ( yes /no) backuppc@hapkido's password:
Now try logging into the machine, with "ssh backuppc@hapkido", and check in ~/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
This would be a good time to see if our key is being accepted. We should be able to make a connect without a password/passphrase:
backuppc@aikido:~$ ssh backuppc@hapkido
We will add an extra line to ~/.ssh/authorized_keys. This option makes it possible to connect from only one host(aikido). This will improve security a bit:
backuppc@aikido:~$ vi ~/.ssh/authorized_keys
Add "from='aikido'" before ssh-rsa, this should make the start of the file look like this:
from="aikido" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvWh3e
Now we are almost done, let's browse to http://aikido/backuppc, and login with the username backuppc and the given password
Let's add our client to our backup:
Congratulations you are now ready to start your first backup:
That wasn't so hard right!