Looking for help with setting up backup via rsync

Mg344 · October 28, 2022, 8:22am

To be honest, actually I do not think this is an issue with MIAB, but with my sshd setup. But I am hoping someone more experienced than me could help me here?

I am trying to rsync from the MIAB VPS to my local physical back-up server which has a DynDNS service running.

I have copied over the public key from the admin page to the user directory of the target. Running ssh -vvv I get some info, but do not know what to make of it: It seems it does not even look in ~/.ssh/authorized_keys as suggested by the admin page?

[...]
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug3: no such identity: /root/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa
debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /root/.ssh/id_ecdsa_sk
debug3: no such identity: /root/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519
debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /root/.ssh/id_ed25519_sk
debug3: no such identity: /root/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /root/.ssh/id_xmss
debug3: no such identity: /root/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /root/.ssh/id_dsa
debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.

alento · October 28, 2022, 4:30pm

Personally, I have never tried MiaB’s built in rsync, so I cannot really comment on it.

However, I do daily rsync backups of my MiaB’s /home/user-data/backup/encrypted/ directory by pulling the backups from the backup server’s end.

I am in the process of writing a guide to how it is done – IF I can quit being interrupted by other things.

miabuser · October 28, 2022, 4:35pm

@Mg344 I would also recommend pulling the backups. That way you don’t have to open the SSH port on your home internet connection / home NAS.

Mg344 · October 28, 2022, 11:36pm

Thank you for the advice everyone. I will do direct rsync then. I did not like that the official way seems to work only on port 22 in any case.

Mg344 · October 30, 2022, 2:11pm

FWIW, here is what I got so far. Seems to work ok.

rsync steps pulling /home/user-data/backup/encrypted from MIAB to backup server (using a non-standard port)

Made an user on both MIAB and backup server and changed to that user.

On the backup server:
cd ~ && ssh-keygen -t rsa -b 4096
reference

On the backup server (upload created public key to MIAB):
ssh-copy-id -p 12345 mail-in-a-box-backup-ssh-user@111.111.111.111
reference

It will show a request to try to test the connection, with suggested parameters.

On the backup server since we are pulling the syntax is:
Pull: rsync [OPTION...] [USER@]HOST:SRC... [DEST]
(man rsync)

All-in-one command:
rsync -acvz -e 'ssh -p 12345' --progress mail-in-a-box-backup-ssh-user@111.111.111.111:/home/user-data/backup/encrypted ~/mail-in-a-box_backup
-e = specify remote shell + port
-a = recursion and preserve almost everything
-c = check whether to copy based on checksum
-v = verbose (removed after testing)
-z = compress
–progress (removed after testing)
(man rsync)

add a cronjob

crontab -e

0 0 * * * rsync -acz -e 'ssh -p 12345' mail-in-a-box-backup-ssh-user@111.111.111.111:/home/user-data/backup/encrypted ~/mail-in-a-box_backup

Mg344 · October 30, 2022, 2:40pm

I think adding the --delete option to the command, is probably a good idea, to keep in sync with file removal on the MIAB. But I’ll sleep over it first

--delete delete extraneous files from dest dirs

tkforbes · November 4, 2022, 1:36am

The -c option (checksum) can be dropped safely. The overhead of creating a checksum on every file is quite high, especially on low-powered VPS servers that are typically used for personal MIAB installations. Without -c, rsync uses the filesystem attributes (timestamp, file size) to instantaneously detect a change; no CPU overhead.

Personally, I disabled MIAB backups but use rsync to fetch /home/user-data to a separate, dedicated backup server. Daily backups are archived in zfs snapshots on that server for 30 days.

eXTric · November 4, 2022, 8:48am

If you have a “more advanced” router you can also opt to only open port 22 for the IP of your VPS. This way you can safely use the standard miab backup functionality. I have this setup to push backups to my synology nas via duckdns.

system · November 11, 2022, 8:48am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.