security, shell

rsync with ssh-rsa+authorized_keys

Much as explained in a previous post, one can use a passwordless RSA key to set up a cron job that rsyncs one’s computer to a remote server via ssh.
The relevant part of the authorized_keys file is (everything in the same line):

command="rsync --server -vlogDtpr . /home/pfortuny/backup/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa .....

Note that the -vlogDtpr part depends on the specific options of the rsync command you issue. In my case, the script is simply (right now):

$ cat ./bin/backup.sh
#!/bin/sh
cd /home/pfortuny
/usr/bin/rsync -av -e "ssh -i /home/pfortuny/.ssh/backup_key" --filter ": .rsync.dirs" \
    ~/ pfortuny@remote.server.mine:"~/backup/"

Comments:

  • The option -av is expanded to -vlogDtpr on the server; this is why the authorized_keys line contains the long version.
  • The --filter ": .rsync.dirs" option tells rsync to load an ‘inclusion-exclusion’ file called .rsync.dirs, as per rsync’s man page. An excerpt of mine follows:
    $ cat .rsync.dirs
    + development/
    + maths/
    + .emacs
    - games/
    - /.*/
    - /**/.svn/
    

    (whose meaning should be obvious).

  • You have to be careful in case someone steals your passwordless key: the thief could edit a local copy (on their own computer) of authorized_keys so that the key is allowed to log in normally, and then run the rsync command to get the .ssh directory updated, making your server accessible with that key. To prevent this, the easiest way is to chmod 0400 ~/.ssh/authorized_keys* on the server (assuming the configuration of sshd is the standard one; talk to your hosting provider first). Also note that you want to exclude your .ssh directory from the backup.
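
A server-side check for the points above, as an added example that is not from the original post: it flags authorized_keys lines that lack the forced command or any of the four no-* options, and a file whose mode is not 0400. The function names, the sample lines and the placeholder key material are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit authorized_keys entries for
# the forced command and no-* restrictions the backup key depends on.

REQUIRED="no-port-forwarding no-agent-forwarding no-x11-forwarding no-pty"

# Print the restrictions missing from one authorized_keys line (empty = none).
missing_restrictions() {
    # Option names are case-insensitive. Quoted values are blanked first so an
    # option name or comma inside command="..." cannot satisfy a check.
    opts=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -E 's/"(\\.|[^"\\])*"/""/g' | awk '{print $1}')
    case "$opts" in
        ssh-*|ecdsa-*|sk-*) opts="" ;;  # line starts with a key type: no options
    esac
    missing=""
    for opt in 'command=""' $REQUIRED; do
        case ",$opts," in
            *,"$opt",*) ;;
            *) missing="$missing ${opt%%=*}" ;;
        esac
    done
    printf '%s' "${missing# }"
}

# Return 0 only if FILE has mode 0400 (the post's advice) and every key line
# carries all restrictions. Findings are printed to stdout.
audit_file() {
    rc=0
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "-r--------" ] || { echo "$1: mode $perms, want 0400"; rc=1; }
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        m=$(missing_restrictions "$line")
        [ -z "$m" ] || { echo "$1:$n: missing: $m"; rc=1; }
    done < "$1"
    return "$rc"
}

# Constructed sample lines; the key material is a placeholder.
GOOD='command="rsync --server -vlogDtpr . /home/pfortuny/backup/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAplaceholder backup'
BAD='command="rsync --server . /home/pfortuny/backup/,no-pty",no-port-forwarding ssh-rsa AAAAplaceholder backup'
BARE='ssh-rsa AAAAplaceholder laptop'

for l in "$GOOD" "$BAD" "$BARE"; do
    printf 'missing: [%s]\n' "$(missing_restrictions "$l")"
done
```

On the server, audit_file ~/.ssh/authorized_keys returns non-zero and prints one finding per problem line, so it can run from cron next to the backup itself.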

Recall that rsync is one of the best backup tools out there, and it is right at your fingertips.
