Dirvish backup through ssh tunnel

For some time now I have been trying to switch to Dirvish (from rdiff-backup), mostly because you can limit the bandwidth it uses, which is a very important factor for me. The following is an example of configuring dirvish to back up through an ssh tunnel.

I assume you have created a master config file /etc/dirvish/master.conf. Let's jump right into configuring a vault /dirvish/default.conf:

client: root@localhost
tree: /
xdev: 0
index: gzip
image-default: %Y%m%d
exclude:
    var/cache/apt/archives
    var/cache/man
    tmp
    var/tmp

Note: xdev needs to be 0, not false, no, off or anything like it. (I was tricked by this because the dirvish for Debian guide uses the value true for xdev, which AFAIK is wrong.)

All this until now is standard dirvish stuff. Now comes the tunnel part:

pre-server: ssh -f -L 20014:rivendell:22 root@fw.emcken.dk sleep 14400
rsh: ssh -o HostKeyAlias=1114 -p 20014

pre-server is a command to run before the backup starts. The command above creates an ssh tunnel through fw.emcken.dk to rivendell, listening on local port 20014, and goes into the background. The sleep 14400 keeps the tunnel open for 4 hours when idle. Don’t worry! Your backup won’t be terminated if it is still in progress after 4 hours: the tunnel will be kept open for as long as it is in use. The remote execution is just an ugly hack to ensure that the tunnel is automatically closed after use.

rsh is the important part. The -o HostKeyAlias=1114 lets us connect to localhost without ssh warning that someone might be attempting a ‘man-in-the-middle attack’ and refusing to connect to the tunnel. But to use HostKeyAlias we need to specify this in /root/.ssh/config; more on this further down. -p 20014 specifies the port we want to connect to.
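The options above only work if they agree with each other, so here is a small consistency check for a vault file. It is an added example, not part of the original post or of dirvish; the function names and the sample string are made up for illustration, and the check for a disabled StrictHostKeyChecking goes one step beyond what the post covers.

```python
import re
import shlex

# Constructed sample: the vault options shown on this page, as one string.
SAMPLE_VAULT = """\
client: root@localhost
xdev: 0
pre-server: ssh -f -L 20014:rivendell:22 root@fw.emcken.dk sleep 14400
rsh: ssh -o HostKeyAlias=1114 -p 20014
"""

def parse_vault(text):
    """Collect single-line 'key: value' options; indented list items are skipped."""
    pairs = (re.match(r"^([A-Za-z][\w-]*):\s*(.*)$", ln) for ln in text.splitlines())
    return {m.group(1).lower(): m.group(2).strip() for m in pairs if m}

def flag_values(argv, flag):
    """All values given to a short ssh flag, as '-p 22' or attached as '-p22'."""
    out = []
    for i, arg in enumerate(argv):
        if arg == flag and i + 1 < len(argv):
            out.append(argv[i + 1])
        elif arg.startswith(flag) and len(arg) > len(flag):
            out.append(arg[len(flag):])
    return out

def lint_vault(text):
    """Return a list of findings; an empty list means the tunnel options agree."""
    opts, findings = parse_vault(text), []
    if not opts.get("xdev", "0").isdigit():
        findings.append("xdev: use a number such as 0, not a word")
    forwards = flag_values(shlex.split(opts.get("pre-server", "")), "-L")
    rsh = shlex.split(opts.get("rsh", ""))
    # -L is [bind_address:]port:host:hostport, so the local port is third from the end.
    parts = forwards[0].split(":") if forwards else []
    local_port = parts[-3] if len(parts) >= 3 else None
    rsh_port = (flag_values(rsh, "-p") or [None])[0]
    if forwards and rsh_port != local_port:
        findings.append(f"rsh: -p {rsh_port} does not match forwarded port {local_port}")
    ssh_opts = [o.lower().replace(" ", "=") for o in flag_values(rsh, "-o")]
    if opts.get("client", "").endswith("localhost") and not any(
            o.startswith("hostkeyalias=") for o in ssh_opts):
        findings.append("rsh: no HostKeyAlias, key would be looked up under localhost")
    if "stricthostkeychecking=no" in ssh_opts:
        findings.append("rsh: host key checking is disabled instead of aliased")
    return findings

if __name__ == "__main__":
    print(lint_vault(SAMPLE_VAULT) or "vault tunnel options are consistent")
```

An empty result means the port in rsh matches the forwarded port and host key verification is still in effect under the alias.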

The following might be useful when making backups over the internet:

zxfer: true
speed-limit: 90

zxfer compresses all data transmitted, and speed-limit limits the bandwidth that dirvish will use.

Now, to complete the setup, the machine being backed up is defined in /root/.ssh/config:

Host rivendell
Port 20014
HostKeyAlias 1114

This is placed in root’s home dir because (on my system) root (cron) runs my backups. It is possible to create a separate user for it, but I didn’t think it necessary.

Now when you have copied your public ssh key to the machine that is going to be backed up, you are all set.