Remote SSH rsync Linux backups with certificates and no passwords


Uber quick howto (based on Debian):
1. Make sure ssh, rsync and sudo are installed and working.
2. Add a user account on the remote system.
2.a Add a certificate (an SSH key pair) with openssl or ssh-keygen (look that up elsewhere).
2.b Make sure the cert is unencrypted with no password. Yes, that is a slight security concern; HOWEVER, if you are very careful to secure that private key, you are OK. In other words, don’t share it or let it out!
2.c Add your public key to your new user’s /home/username/.ssh/authorized_keys file. (How-tos for this stuff are on the web.)
2.d Test this user’s login and make sure it logs you in from your local machine.
3. Now, this new user is unprivileged, so you need to use sudo for running the remote rsync command. Add this to your remote machine’s /etc/sudoers file (edit it with visudo, which checks the syntax before saving):

 nameofnewuser	remotemachinename=NOPASSWD:/usr/bin/rsync

Replace nameofnewuser and remotemachinename above with the appropriate names.

4. Copy your private key from the remote machine and save it on the local machine where you will be backing up to. For example, save it in the local user’s .ssh directory as /home/localuseraccount/.ssh/private.key

5. You need to create a script. In the example below, I also have an exclude.txt file, so I can exclude directories and files. Look that up in the rsync how-tos.

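#!/bin/bash
# Pull / from the remote host; rsync runs as root there via sudo (step 3).
rsync -avz --rsync-path="sudo /usr/bin/rsync" \
    --exclude-from=exclude.txt \
    -e "ssh -p 22 -i /home/localuseraccount/.ssh/private.key" \
    remoteuseraccount@remote.server.com:/ /backup/to/path

In case you didn’t catch that, the section above with the rsync command is all one line! The trailing backslashes only continue it across lines for readability.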
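
A preflight check for the passwordless private key from step 2.b, wrapped around the rsync command from step 5. This is an added example, not part of the original howto; it assumes GNU stat (as on Debian), and the --run argument, the KEY/REMOTE/DEST variables and both function names are made up for illustration.

```shell
#!/bin/bash
# Added example (not from the original howto). Paths and host are the
# page's placeholders; KEY/REMOTE/DEST and --run are illustrative names.
KEY="${KEY:-/home/localuseraccount/.ssh/private.key}"
REMOTE="${REMOTE:-remoteuseraccount@remote.server.com}"
DEST="${DEST:-/backup/to/path}"

# Succeed only if $1 is a regular file (not a symlink), owned by the
# invoking user, with no permission bits for group or others.
# Assumes GNU stat (-c), as shipped on Debian.
key_is_private() {
    local f="$1" mode owner
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "refusing key: $f is missing or not a regular file" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$f")
    owner=$(stat -c '%u' "$f")
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing key: $f is not owned by uid $(id -u)" >&2
        return 1
    fi
    case "$mode" in
        [0-7]00) return 0 ;;
        *) echo "refusing key: $f has mode $mode, want 600 or 400" >&2
           return 1 ;;
    esac
}

# Same rsync call as the howto's script, gated on the key check.
# BatchMode=yes makes ssh fail instead of prompting (useful under cron);
# IdentitiesOnly=yes makes it offer only the key given with -i.
# Both are standard OpenSSH client options added in this example.
run_backup() {
    key_is_private "$KEY" || return 1
    rsync -avz --rsync-path="sudo /usr/bin/rsync" \
        --exclude-from=exclude.txt \
        -e "ssh -p 22 -i $KEY -o BatchMode=yes -o IdentitiesOnly=yes" \
        "$REMOTE:/" "$DEST"
}

# Only touch the network when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

Run it with --run from the directory that holds exclude.txt; a key path containing spaces would need extra quoting inside the -e string.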