In an effort produce an automated backup process where Windows workstations PUSH their backup data to a Linux server running a Samba Server CentOS 5.3. In typical fashion from the searches that I have performed there is poor, sportatic, incomplete and non-detailed information regarding how to set up Delta Copy clients to run against a Linux server with zero intervention from the end-user. The objective here is to:

1) Provide an automated backup process where user workstations are backed up automatically to a Linux server without pushing all the users data with each backup.

• DeltaCopy is a suitable choice since it provides a simple UI for a non-technical user to initiate and automate backups.
• Provides an 'rsnapshot' type backup eliminating wasted space by copying only changed data.

2) Create a secure connection between client and the server via SSH.
3) Provide reporting as to the success/failure of the backups.
4) Allow for remote backups to function via a VPN connection to the server.
5) Use open source software to accomplish this task.

So, with that being said, the process should be broken down into the following steps:

1. Create user accounts on the Linux server for each user who is planning to backup.
2. Make sure that the user has write permissions, etc on the server (My plan is to use their user directory created on it own partition /home/~user/deltacopy/ as the backup location.)
3. Create rsa keys for a secure ssh connection.
4. Install cygwin on each Windows Client
5. Install DeltaCopy on each Windows Client
6. Copy and rename rsa keys to their proper locations and apply proper permissions.
7. Test ssh connection via cygwin command line.
8. Create backup profiles in Delta Copy
9. Execute Backup for the first time (will take a long time).
10. Schedule backups to run automatically on a daily basis.

My home partition sits on a RAID5 array.

Client Side Setup:

I am going to need to install the following software products on each client machine:

- cygwin
- Delta Copy

The documentation for each of these opensource products exists, but is poorly organized. It has taken me quite a bit of time to research how to perform this install. What is important to note this document is a guide for how to put together a Windows to Linux environment. This will not work the other way. If you want to perform other backup scenarios please do your homework. For Linux to Linux I use rsnapshot. For Windows to Windows straight Delta Copy Client/Server would work.

Also, as much as I would like to take credit for the instructions detailed here, I can not. I have pulled information from multiple sources and will provide credit where credit is due.

Windows Client Setup Procedure:

To make it work smoothly, ssh keys must be generated locally for each different Windows user and transferred to the remote server as explained in Scp Batch Mode, otherwise a password will be asked stoping the execution. That's why also ssh-keygen is included in that package.

To transfer the generated keys to the server you may want to use scp, which is also included, but this will require a trick for running if you do not have cygwin already installed: create a diretory \usr\bin, and copy there ssh.exe (that's the location where scp expects ssh to be).

In the Scp Batch Mode instructions you can read that the remote authorized_keys file must be read/writeable only by the owner. The same applies to the private key that remains in your local computer after it's generated by ssh-keygen (the one without the .pub extension). In case you have problems concerning that file permissions, you can use chmod (also included) to change them to 600 with chmod 600 ~/.ssh/id_dsa or something like that.

All that should be enough to directly run rsync.exe, but you would have to learn how to use it and apply the correct options and directory syntax. To avoid that, programs like DeltaCopy act as an user-friendly interface. In any case what they basically do is building the options up to pass them to rsync.exe. Keep reading, but don't be surprised if after a while you decide not to use DeltaCopy at all and include a call to rsync.exe with all the necessary options in a .bat file that you can launch directly. (See Rsync Sils for an example).

After all this, we are ready to configure the DeltaCopy client and start tranferring.

First, please have installed both cygwin and Delta Copy Client to your Windows clients. We are going to create public/private key pair on each Windows client machine that will connect to the Linux server. The private key will remain on your Windows client and the public key will be coppied to the Linux server. The keys will allow for quick and secure connections between your Windows and Linux machines. It takes a bit of work to get things set up, but once they are set up properly you will encounter few issues.

Process for creating public/private keys (process taken from here.)

• Download CYGWIN from http://www.cygwin.com. Although DeltaCopy comes with cygwin1.dll, you will need additional .DLLs and a couple of .EXE files.
• If the version of newly downloaded cygwin1.dll is newer than what comes with DeltaCopy, replace the older DLL with the newer one.
• Start BASH - this is the console for CYGWIN
• Type "ssh-keygen". If you get a command not found error, you need to download the SSH module for CYGWIN.
• Press Enter until you are returned to a BASH command prompt
  

• VERY IMPORTANT: When asked to enter passphrase, just hit enter. DO NOT specify a password.
• This should create two files id_rsa & id_rsa.pub (sshkey and sshkey.pub) in
  C:\cygwin\home\~user\.ssh folder.
• id_rsa is your private key, where as id_rsa.pub is your public key.
• Copy your public key (id_rsa.pub) to your Linux/UNIX machine using FTP or other similar mechanism. Your public key should be copied to $HOME/.ssh directory. If the .ssh directory does not exist, create it. Rename the file from id_rsa.pub to authorized_keys.(the actual file name should be authorzized_keys - /home/~user/.ssh/authorized_keys .

IMPORTANT, make sure the folder permissions for /home/~user/.ssh/authorized_keys are set to read across all permissions.

Go to C:\Program Files\cygwin\bin
Copy the following files to C:\Program Files\DeltaCopy
Overwrite older versions if necessary

Use: scp -P <PORT#> <File Name> user@host:/directory-path/file-name 

Additional SSH Key Installation Notes

Running SCP in batch mode

This section was snagged from here.

SCP (Secure CoPy) and SSH in general can be used in batch mode without asking for passwords. That is very convenient for scripts.

Instructions to do so are a little ambiguous in different places . (See some references below). This worked in my case, using OpenSSH both in the server and the client.

Procedure

1. In these instructions, the user name is the same in both machines. Instructions for different user names could differ from these (but see note below!)

2. The user keys will be stored in ~/.ssh in both machines.

3. At the client, run 'ssh-keygen -t dsa' to generate a key pair. Accept default options by pressing return. Specially, do not enter any passphrase. (Option -d seems to be an alias of -t dsa in some platforms).

4. Change the permissions of the generated .pub file to 600 by commanding chmod 600 id_dsa.pub

5. Copy the public key to the server with scp id_dsa.pub 'user@server:~/.ssh/authorized_keys'. (Caution: if that destination file already exists on the server, copy first to a different file foo and then append the contents with cat foo >> authorized_keys executed on the server).

6. Done! Verify that now you can connect directly from the client with ssh user@server without being prompted for a password or essays

7. If it doesn't work, verify that in the server your home directory, the ~/.ssh subdirectory, and the authorized_keys file do not have writing permissions to others. If they do, they won't be considered to grant access. You can correct this with something like:

 chmod 755 ~ 0
 chmod 700 ~/.ssh
 chmod 600 ~/.ssh/authorized_keys

8. If it still doesn't work, try changing the authorized_keys file name to authorized_keys2, or ask your system administrator what file name is ssh actually using.

9. If it worked, you can now run SCP in batch mode with the -B option, as in scp -B foofile 'user@server:~/foodir/'.

Notes

The name of the server must have been registered in the known_hosts. This can be done with a regular (with password) ssh connection, and accepting the host as known. Then, the host name should be the same as the one accepted! If you used user@server first, do not use user@server.domain.tk later on!

SSH protocol 2 is assumed in this procedure (it uses dsa keys). If your ssh configuration files (at /etc/ssh/) do not establish this as a default, you may have to force it with the -2 option of the ssh and scp. Moreover, if the default public key is not configured to be "id_dsa.pub" you can specify what key to use for identification with the -i option.

The same procedure worked fine when the username was different in both machines. I simply copied userA's public key at the end of userB's authorized_keys file, then I could login from my client as userA with ssh userB@server.

References

• http://www.atmos.albany.edu/facstaff/rmctc/ssh2/brandenb-Ssh.html
• OpenSSH manual

cygcrypto-0.9.8.dll
cygminires.dll
cygpopt-0.dll
cygz.dll
ssh.exe

The final location should be

C:\Program Files\DeltaCopy\cygcrypto-0.9.8.dll
C:\Program Files\DeltaCopy\cygminires.dll
C:\Program Files\DeltaCopy\cygpopt-0.dll
C:\Program Files\DeltaCopy\cygz.dll
C:\Program Files\DeltaCopy\ssh.exe

Perform the following steps to test the ssh connection (be sure to replace root@192.168.0.12 with your username and server name):

Configure DeltaCopy

• Start DeltaCopy client and create a new Profile. The value for Virtual Directory corresponds to a directory off of the user's home directory on your Linux/UNIX machine.
• Click on the Options tab
• Check Connect via SSH
• Type the following in the Additional Parameters" text box
  -e "ssh -l yourLoginName -i sshkey"
  Replace yourLoginName with your actual login name on your Linux/UNIX machine.

In my case my Linux server's ssh daemon listened on a non-standard port so I had to specify a port number in my ssh command -p PORT#

-e "ssh -p PORT# -l yourLoginName -i sshkey"

Vista clients will throw a "permission denied" error related to symbolic links in the user's "Documents" folder (if you simply tell deltacopy to copy the top level Documents folder)... To avoid that error use the following options command with exclude:

use: --exclude="**/My*" --exclude='*.lnk' -e "ssh -p <PORT#> -l <username> -i id_rsa"  (copy id_rsa from the user's cygwin /home/~user/.ssh/ to the deltacopy program directory).

When you are ready to run DeltaCopy for the first time watch your secure log for permissions errors. I ran into permissions errors when I was attempting to make a connection for the first time. When I was attempting to make a connection my server threw the following error:

sshd[31884]: Authentication refused: bad ownership or modes for file /home/~user/.ssh/authorized_keys

I had to enable read permissions to the folder /home/~user/.ssh

Rsync backup with Vista

10/29/2008

Charles Roth

Introduction: the problem

• I want to do rsync style backups from Windows PCs, to my linux server, and do it with a minimum of hassle.  (E.g. from my wife's laptop.)
• Previously (under Windows XP), I messed about with Cygwin, but it's a huge pain to get Cygwin working under <sigh/> Windows Vista.
• There's an interesting-looking tool called "DeltaCopy", that is supposed to be a user-friendly wrapper around rsync.  While it appears to work nicely when backing-up a Windows client to another Windows server, I could not convince it to talk rsync/ssh to my linux server.

Solution
Looking under the hood of DeltaCopy, I found that it already contains all the key parts of Cygwin needed to do rsync vis ssh -- no additional Cygwin install is needed.  So some very simple hacking, and one batch file, are all that is needed to get rsync backup working.

1. Download and install DeltaCopy.  Do not enable the DeltaCopy server, we're only going to use pieces of the client.  (We won't actually use the provided DeltaCopy client, either.)
2. Create keys.  On the linux server, create a new key with ssh-keygen.  Just type "ssh-keygen", and press Enter at all the prompts.  (In particular, you must use an "empty" passphrase.)
3. Copy keys to DeltaCopy folder.  From the linux server, copy .ssh/id_rsa to C:\Program Files\Synametrics Technologies\DeltaCopy\sshkey.  Similarly, copy .ssh/id_rsa.pub to C:\Program Files\Synametrics Technologies\DeltaCopy\sshkey.pub.
4. Copy public key to linux userid.  Copy the id_rsa.pub key to .ssh/authorized_keys in the target userid on the (to-be-backed-up-to) linux server.  Make sure that .ssh has "700" permission.
5. Create backup batch file.  The backup will be performed by a Windows batch file, that needs no user interaction (other than to start it).  The specifics depend on exactly what is being backed-up where. 

   For example, suppose I wish to backup the Windows Vista user jdoe's Documents directory, to the userid "backupjdoe" on the linux server myhost.com.  I would create a batch file, e.g. "backup.bat", that looks like:

      cd \Program Files\Synametrics Technologies\DeltaCopy
      rsync -avz -e "ssh -i sshkey" /cygdrive/c/Users/jdoe/Documents backupjdoe@myhost.com:.
   

6. Run as Administrator.  Depending on exactly what you are backing-up, you may find it necessary to run the batch file with full Administrator rights.  To do so:
   
   1. Create a shortcut from the batch file, onto the desktop.
   2. Right-click on the shortcut.
   3. Select "Advanced".
   4. Check "Run as Administrator".
7. Scheduling automatic backups.  More to come on this one...

Feedback
Ola Lindberg notes:

I used to run Rsync on my WinXP box but since I moved to Vista I had some problems using it (for example international chars would fail) so I looked around and found Robocopy.  If you are running into Rsync-Vista problems and you can set up your computers to copy to a file share (smb) instead of via ssh I think robocopy would work fine for you as well.

I use the following to copy my files with Robocopy: robocopy source destination /MIR

DEBUGGING