Backup solution Urbackup?

  • I am looking to backup all data on an OMV server to an OMV offsite location (via public Internet).

    Can anyone comment on whether Urbackup is reliable and safe. I dont think they encrypt traffic. Right?


    many thanks

    OMV4 on ProLiant N54L + 5 x 3.5'' WD/Seagate HDs

    OMV5 on Raspberry Pi4

  • I use Duplicati in docker for that. Alternative would be restic or a restic/rclone combo from CLI (no GUI available, I think). Depends on the protocol the offsite location supports.


    I think you would have to run UrBackup on the offsite location and the client installed on the OMV server to use it.

  • I am looking to backup all data on an OMV server to an OMV offsite location (via public Internet).

    You may be interested in this solution.

  • use rsync via ssh. It is easy to set up iif one of the servers is exposed to the internet port 22 (or whatever you use for ssh)

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

  • yeah. thats what I am currently investigating.

    I am struggling a bit with the exchange of encryption keys.

    I have an OMV host on both sides (source and destination) of the backup.

    Do you know how the SSH keys need to be setup in OMV?

    OMV4 on ProLiant N54L + 5 x 3.5'' WD/Seagate HDs

    OMV5 on Raspberry Pi4

  • Yes,

    First on source host as root create a ssh connection from source host to target host.

    1. Create ssh key file pair using ssh-keygen
    2. copy public key to target host using ssh-copy-id
    3. try to log in to the other host with a key ssh -i path/to/key root@target and accept the key

    In OMV:

    1. Import the key
    2. set up a rsync push job on source OMV

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

  • OK. They key installed at destination but when trying to connect SSH still asks me for password. Shouldn't that recognise the key automatically?

    OMV4 on ProLiant N54L + 5 x 3.5'' WD/Seagate HDs

    OMV5 on Raspberry Pi4

  • Found a missing step. The permissions on the destination must be manually set to:


    chmod -R 755 /.../homes/[user_name]

    OMV4 on ProLiant N54L + 5 x 3.5'' WD/Seagate HDs

    OMV5 on Raspberry Pi4

  • Yes, it should use the key automatically. What command line are you using to connect to target?


    ssh -i <path/to/private/key> root@target


    should work

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

  • Could you explain, how you are going to use the ssh / rsync?

    in my understanding, it has to raun as root (at least on the receiving side), so it is able to chown file to the correct owner / group.


    The home for root is /root on both sides (source and target) and the keys should be in /root/.ssh/<name_of_file_default_id_xxx and an authorized_hosts file should be there as well. Very narrow permissions for both. owned by the user (here root).


    Show me the exact commands you are using and an ls -l ~/.ssh and ssh -v -i <key_file> root@target ls -la ~/.ssh

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

  • I am not running as root on the destination.

    ssh -v -i <key_file> user1@target

    It works only after I made the Chown changes on the user1 folder.

    OMV4 on ProLiant N54L + 5 x 3.5'' WD/Seagate HDs

    OMV5 on Raspberry Pi4

  • It got the SSH encryption and automated rsync (OMV) to work.


    Important:

    The OMV setup for the rsync job (in the GUI) allows me to select 'key-authentication' but then it expects a key assigned in that menu. The keys to select from are NOT the SSH keys that are maintained in all the OMV user profiles. The SSH key for rsync has to be setup under OMV GUI-Certificates as a new SSH key pair. Now in order for that to be copied to the SSH destination host, ssh-copy-id must take the right SSH certificate. Interestingly, OMV saves the keys under /etc/ssh as files named [openmediavault...]

    OMV4 on ProLiant N54L + 5 x 3.5'' WD/Seagate HDs

    OMV5 on Raspberry Pi4

  • Is user1 a user created by OMV having a home dir?

    Then it may be necessary to give new permissions to the home.


    If you are not running as root at the destination, you will not be able to chown the transfered files tis may or may not matter.


    I am using a pull backups (target pulls) and have a special authorized_hosts for this:


    Code
    root@server05:/home/remote-backup/.ssh# cat authorized_keys
    command="/home/remote-backup/bin/validate-backup-cmd.sh" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZJNHgfOL80PoJRC9KQWGtebB2ny77ePVZNfWRVpIcJvDKUjGt3PZ/ot5Zk/4EKo9eh+VSUlScZTx1XBKf+tE2Dhj4eipYal3FXiN7qUQZTYo15pxr1WWjzErOd4TmtE9HS6WD68luqhj/cixD62h5B78h9OnIoJ5Sj1OxS+8bgCd1V/qqc6wk1GAy3zbA6p6IGbieJwi3VsUutMjHCoiKTn+NcO7Otyjtbsu839NW9aqp3GccQjflqlUsuV73Qdg+Izz8W9hHLDEPby8Rod6dULZb3omKaqq4idc8WpJIro1nwZbIgf4OcXwCPMe+iFPnPaeBqV7g5uReX8Y60vK41+ji0epCPmlA2VWA1HBG337m1ZktiE0oZ7J3sTZp57LC/5lpPTjQwamOPbT/+zXITcOdJQix4+cNtFsgziNWJ64ZVUv7t97esL7lK7srJHx9jpzSxYqe4tEae6a3/XNlG5g69ECzr8OCNitm6rG1TdwPrfBtKAtj9swv1eD8VdRtscW4q9vn+oqIwHUBWI6jqKVB968ULiYRAcPfEKlG2YQ4n/0q95Iot5JrcPSSr0pOyv1VSWUQYAF5SzBfqOLnRUaWMfuAOrZzuC4lGTFNPrY8NQX59YmpdwPMCEgsNEfNIy06BzALOVxDirNvF4g/sHh7rW2yfdR9G5WBYLgQ9Q== remote rsync backup


    Will only allow to execute a save rsnc command


    as root:


    Code
    root@server05:~# cat /etc/sudoers.d/remote-backup
    # remote backup
    # allow user remote-backup to execue rsync as root
    remote-backup    ALL= NOPASSWD:/usr/bin/rsync
    root@server05:~#



    I think something similair can be done with push backups too.

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

  • Important:

    The OMV setup for the rsync job (in the GUI) allows me to select 'key-authentication' but then it expects a key assigned in that menu. The keys to select from are NOT the SSH keys that are maintained in all the OMV user profiles. The SSH key for rsync has to be setup under OMV GUI-Certificates as a new SSH key pair. Now in order for that to be copied to the SSH destination host, ssh-copy-id must take the right SSH certificate. Interestingly, OMV saves the keys under /etc/ssh as files named [openmediavault...]

    That'S what I meant with in OMV import the key. You do not have to create on inside OMV, but you can import an existing one.

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

  • Now the last step before sending real data across the Internet would be for me to test if the traffic of my new SSH tunnel is actually encrypted.

    Do you know how to test this?

    I think I once saw something about reading the SSH status messages at the destination during a tunnel transfer.

    Have you tried any tests?

    OMV4 on ProLiant N54L + 5 x 3.5'' WD/Seagate HDs

    OMV5 on Raspberry Pi4

  • ssh os allways encrypted. Use the -v flag to ssh to see log messsges

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!