rsync is a file transfer program for Unix systems. rsync uses
the "rsync algorithm" which provides a very fast method for
bringing remote files into sync. It does this by sending just
the differences in the files across the link, without requiring
that both sets of files are present at one of the ends of the
can update whole directory trees and filesystems
optionally preserves symbolic links, hard links, file ownership,
permissions, devices and times
requires no special privileges to install
internal pipelining reduces latency for multiple files
can use rsh, ssh or direct sockets as the transport
supports anonymous rsync which is ideal for mirroring
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 203kB of archives.
After unpacking 373kB of additional disk space will be used.
http://mirror.ox.ac.uk stable/main rsync 2.6.4-6 [203kB]
Fetched 203kB in 0s (340kB/s)
Selecting previously deselected package rsync.
(Reading database ... 34227 files and directories currently
Unpacking rsync (from .../rsync_2.6.4-6_i386.deb) ...
Setting up rsync (2.6.4-6) ...
rsync daemon not enabled in /etc/default/rsync
After installing rsync you need to enable rsync in this file
/etc/default/rsync,edit this file
and you need to change the line following line
and now you need to restart the rsync daemon using the following
If you want to install ssh in debian you need to click here
After installing rsync and ssh we need to create key for the
user who will be doing the backup on the source machine i will
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
when asked where to store it, put it in the default (ie, /root/.ssh/id_rsa)
when asked for a password, just press enter (ie, no password).
Note, this is a security hole do it again the second time.
and now we have a key with no password in the two files
mentioned above. Make sure that no other unauthorized user can
read the private key file (the one without the '.pub'
This key serves no purpose until we put the public portion into
the 'authorized_keys' file on remotehost, specifically the one
Now, go into /root/.ssh and copy the file id_rsa.pub to the
target machine. Put it in the file ~/.ssh/authorized_keys
(create it if necessary)
use scp to get the file over to target machine
# scp ~/.ssh/id_rsa.pub root@remotehost
#ssh-copy-id -i ~/.ssh/id_rsa.pub root@remotehost
Now, try to ssh to that machine again. If you did it correctly,
it will automatically log you in this time. Note: If you are
root on the source machine (so you can access all files), you do
not have to be root on the target machine, you can put the "authorized_keys"
file in a user's account. In that case, you would ssh by doing
an ssh username@targetmachine and it will still log in.
Now, on the source machine, try to run the rsync command. Here
is one of my commands, the one that backs up /etc. Note I am
using the long format so I can see what I'm doing later, instead
of a lot of single character flags.
This will backup everything from /etc into /home/backup/thismachine/etc
on targetmachine, as user root. Adding --list-only will simply
show you the list of files to be copied instead of actually
copying the files, which is good for testing.
Note, the source definition of /ect DOES NOT HAVE A TRAILING /.
This must be the case. It is a weird thing about rsync.
Basically, if you do put a trailing slash, the contents of /etc
are copied to the target. If you do not, the directory /etc and
its contents are copied, ie it will create the directory /etc on
the target machine.
This is only sample script and sample rsync options if you want
to know more rsync options check rsync
Once this is working, create a script to be run that will do the
backups. I call mine "backup.sh" because I have no imagination,
and I put it in /root/bin. You must secure the script, ie it
must be read/write/executeable only by root. It is a dangerous
You need to run this script daily for your backups for this you
need to schedule this using cron
Now, to secure the site down. First, if you do not have physical
access to the target machine, make one ssh connection to it and
do not let that connection go. These next commands run the
possibility of locking the account out.
On the target machine, log in (a different login, leave the
above safety ssh session alone) and create one file. I put it in
/root, and make it read/write/execute only by root.
end of script
This script is the one that will validate the automatic
connection is only doing what it is supposed to.
The first line, echo $SSH_ORIGINAL_COMMAND >> /root/ssh.log,
echos the command to the file /root/ssh.log, which not only
tells you what is going on, but allows you to troubleshoot
reject any commands with an ampersand (&) and a semi-colon (;)
The third line does a grep comparison with the command coming in
to see if it is the correct one. I found this by running the
command on the source machine, then looking at the ssh.log on
the target machine.
The final line says "reject anything else"
Since I have three separate commands I execute on my backup, I
actually have three different rsync commands I allow in on this
Now, go into the .ssh directory and open the authorized_keys
file. Find the line that has the key for your source machine. It
will look something like this:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwWMo+ayeUWMf (whole
bunch of other stuff follows. Yours will be different)
Add the following to the beginning of the line
(there must be a space). The line now looks like:
AAAAB3NzaC1yc2EAAAABIwAAAIEAwWMo+ayeUWMf (whole bunch of
other stuff follows. Yours will be different)
This tells the ssh program to allow a login using this key, but
only allow a single command to be given (no interactive shell)
and validate the command using /root/validate_rsync
Now, from the source machine, try running the rsync command. It
should work. DO NOT log out of the other shell above unless you
have physical access to the machine.
Finally, for increased security, if you are using root on the
target machine, do the following:
edit /etc/ssh/sshd_config. Find the line that reads "PermitRootLogin"
and edit it as follows:
This means that root can not log in interactively (a good policy
in the first place). I also set
on all my other machines.
This is oneway of getting rsync working and there is anotherway
using rsync using rsyncd.conf file
If you want Rsync web interface or GUI tools