BackupPC on Linux

BackupPC on Linux and other Unices works by fetching or restoring backups via SSH using rsync as transport format. The server logs into the computer using a private SSH key. The according public key needs to be installed on the computer which should be backed up. See below for detailed instructions.

Configuring DHClient to send a hostname

If you don't have a static IP address, add to your dhclient.conf (look for it in /etc/ or /etc/dhcp*/) the following line:

send host-name "your-prefered-hostname-without-domainname";

where your-prefered-hostname-without-domainname is a unique hostname you'd like to see in front of ".dhcp.phys.ethz.ch".

Backing Up a Single Directory

The default case is to back up a single directory containing ETH data (we recommend ~/ETH-Data/ on private laptops) or the home directory of a single user working on that machine (on ETH-owned computers).

Add the public key to the .ssh/authorized_keys file of the user owning the files which should be backed up, e.g. being logged in as this user, issue the following commands:

mkdir -pv ~/.ssh
curl -k https://backuppc.phys.ethz.ch/key/authorized_keys_backuppc.phys.ethz.ch >> ~/.ssh/authorized_keys
chmod -Rc go-rwx ~/.ssh/

If curl does not exist on your machine, you can also use a web browser or try wget instead:

mkdir -pv ~/.ssh
wget -O- -q --no-check-certificate https://backuppc.phys.ethz.ch/key/authorized_keys_backuppc.phys.ethz.ch >> ~/.ssh/authorized_keys
chmod -Rc go-rwx ~/.ssh/

Make sure that this user is able to log in via SSH, e.g. that an SSH daemon is running. If you can't log in via SSH and you are not the administrator of the computer, ask him to enable the SSH login for at least your user.

Backing Up a Whole Computer or Multiple Home Directories

In this case the backup server needs to login as root on the computer which should be backed up.

Create the directory /root/.ssh/ if it doesn't exist yet.

mkdir -pv /root/.ssh

Add the contents of https://backuppc.phys.ethz.ch/key/authorized_keys_backuppc.phys.ethz.ch to the file /root/.ssh/authorized_keys --- create the file if it does not exist yet.

curl -k https://backuppc.phys.ethz.ch/key/authorized_keys_backuppc.phys.ethz.ch >> /root/.ssh/authorized_keys

or

wget -O- -q --no-check-certificate https://backuppc.phys.ethz.ch/key/authorized_keys_backuppc.phys.ethz.ch >> /root/.ssh/authorized_keys

File and directory must not be writable by any other user than root:

chmod -Rc go-rwx /root/.ssh/

The user root must be able to log in via SSH. See the Option AllowUsers in the manual page sshd_config(5) for details on how to enable root login via SSH:

man sshd_config

Please tell us upon registration if only specific partitions should be backed upp and the backup system should not cross partition borders on backup and restore, e.g. if you often have network file systems mounted somewhere outside /mnt/.

SSH Troubleshooting

If the BackupPC server can't log in via SSH, check the following things:

Check the owner of the relevant files and directories

  • All must belong to the user which will login: ls -ld ~/.ssh/authorized_keys ~/.ssh ~
  • Use chown to fix them, e.g. chown -c $USER ~/.ssh/authorized_keys

Check the permissions of the relevant files and directories

  • all must not be writable by anyone else than the user: ls -ld ~/.ssh/authorized_keys ~/.ssh ~
  • Use chmod to change the permissions, e.g. chmod -c 600 ~/.ssh/authorized_keys

Check if SELinux prevents access to the authorized_keys file

Signs that SELinux fumbles with sshd's access to authorized_keys are messages like

kernel: type=1400 audit(1335971634.547:87): avc: denied { read } for pid=3654 comm="sshd" name="authorized_keys" dev=sda6 ino=280302 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

in /var/log/messages, /var/log/syslog or /var/log/kern.log.

Finally register the computer with us

After you've done all the steps above, you need to send us all the relevant information.