I am looking to backup all data on an OMV server to an OMV offsite location (via public Internet).
Can anyone comment on whether UrBackup is reliable and safe? I don't think they encrypt traffic. Right?
Many thanks
I use Duplicati in docker for that. Alternative would be restic or a restic/rclone combo from CLI (no GUI available, I think). Depends on the protocol the offsite location supports.
I think you would have to run UrBackup on the offsite location and the client installed on the OMV server to use it.
You may be interested in this solution.
Wirecard is very difficult to set up and I only need the tunnel for the few minutes of the backup.
Use rsync via ssh. It is easy to set up if one of the servers is exposed to the internet on port 22 (or whatever you use for ssh).
Yeah. That's what I am currently investigating.
I am struggling a bit with the exchange of encryption keys.
I have an OMV host on both sides (source and destination) of the backup.
Do you know how the SSH keys need to be set up in OMV?
Yes,
First on source host as root create a ssh connection from source host to target host.
In OMV:
OK. The key is installed at the destination, but when trying to connect, SSH still asks me for a password. Shouldn't that recognise the key automatically?
Found a missing step. The permissions on the destination must be manually set to:
chmod -R 755 /.../homes/[user_name]
Yes, it should use the key automatically. What command line are you using to connect to target?
ssh -i <path/to/private/key> root@target
should work
This command doesn't work unless I change permissions via
chmod -R 755 /.../homes/[user_name]
In OMV:
Import the key
OMV GUI doesn't have 'root' as user to import the certificate.
Do you know how to do it via CLI?
Could you explain how you are going to use the ssh / rsync?
In my understanding, it has to run as root (at least on the receiving side), so it is able to chown files to the correct owner / group.
The home for root is /root on both sides (source and target) and the keys should be in /root/.ssh/<name_of_file_default_id_xxx> and an authorized_hosts file should be there as well. Very narrow permissions for both, owned by the user (here root).
Show me the exact commands you are using and an ls -l ~/.ssh and ssh -v -i <key_file> root@target ls -la ~/.ssh
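The password prompt in this exchange is consistent with sshd's StrictModes setting (on by default): the server ignores authorized_keys when the home directory, .ssh or the key file is writable by group or others, or is owned by someone other than the account or root. The following is an added example, not code from the thread, that reports such paths; the function name and its two arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list the paths that sshd's
# StrictModes check would object to for one account.
# Usage: check_ssh_perms <home_dir> <owner name or numeric uid>
check_ssh_perms() {
    csp_home="$1"
    csp_owner="$2"
    csp_bad=0
    for csp_p in "$csp_home" "$csp_home/.ssh" "$csp_home/.ssh/authorized_keys"; do
        if [ ! -e "$csp_p" ]; then
            echo "missing: $csp_p"
            csp_bad=1
            continue
        fi
        # Any group/other write bit makes sshd skip the key file.
        if [ -n "$(find "$csp_p" -maxdepth 0 -perm /022)" ]; then
            echo "group/world-writable: $csp_p"
            csp_bad=1
        fi
        # Owner must be the account itself; root ownership is also accepted.
        if [ -z "$(find "$csp_p" -maxdepth 0 \( -user "$csp_owner" -o -user root \))" ]; then
            echo "wrong owner: $csp_p"
            csp_bad=1
        fi
    done
    return "$csp_bad"
}
```

Run it on the destination as root, for example `check_ssh_perms /path/to/home user1`; an empty result with exit status 0 means these three paths pass the mode and ownership test.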
I am not running as root on the destination.
ssh -v -i <key_file> user1@target
It works only after I made the Chown changes on the user1 folder.
I got the SSH encryption and automated rsync (OMV) to work.
Important:
The OMV setup for the rsync job (in the GUI) allows me to select 'key-authentication' but then it expects a key assigned in that menu. The keys to select from are NOT the SSH keys that are maintained in all the OMV user profiles. The SSH key for rsync has to be set up under OMV GUI-Certificates as a new SSH key pair. Now in order for that to be copied to the SSH destination host, ssh-copy-id must take the right SSH certificate. Interestingly, OMV saves the keys under /etc/ssh as files named [openmediavault...]
Is user1 a user created by OMV having a home dir?
Then it may be necessary to give new permissions to the home.
If you are not running as root at the destination, you will not be able to chown the transferred files. This may or may not matter.
I am using pull backups (target pulls) and have a special authorized_hosts for this:
root@server05:/home/remote-backup/.ssh# cat authorized_keys
command="/home/remote-backup/bin/validate-backup-cmd.sh" ssh-rsa <public-key> remote rsync backup
Will only allow executing a safe rsync command
root@server05:/home/remote-backup# cat bin/validate-backup-cmd.sh
#!/bin/bash
# echo "${SSH_ORIGINAL_COMMAND}" >> ~/remote-backup.log
case "$SSH_ORIGINAL_COMMAND" in
    # Reject anything containing shell metacharacters
    *\&*|*\|*|*\;*|*\>*|*\<*|*\!*)
        echo invalid command
        exit 1
        ;;
    # Allow rsync in server/sender mode (this host sends files to the puller).
    # The variable is unquoted on purpose so it splits into separate words.
    /usr/bin/rsync\ --server\ --sender*)
        sudo ${SSH_ORIGINAL_COMMAND}
        ;;
    # Same, when the client did not give the full path to rsync
    rsync\ --server\ --sender*)
        sudo /usr/bin/${SSH_ORIGINAL_COMMAND}
        ;;
    # Everything else is refused
    *)
        echo invalid command
        exit 1
        ;;
esac
as root:
root@server05:~# cat /etc/sudoers.d/remote-backup
# remote backup
# allow user remote-backup to execute rsync as root
remote-backup ALL= NOPASSWD:/usr/bin/rsync
root@server05:~#
I think something similar can be done with push backups too.
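The forced-command script above accepts any `rsync --server --sender` request, and sudo runs it as root, so whoever holds the key can read any path on the host. The following is an added example, not the poster's script, of a stricter check that also confines the requested paths to one directory and refuses long options; `BACKUP_ROOT` and the function name are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. BACKUP_ROOT is an assumed path.
BACKUP_ROOT="${BACKUP_ROOT:-/srv/backup-source}"

# Return 0 only for: rsync --server --sender <short opts> . <paths under BACKUP_ROOT>
backup_cmd_allowed() {
    cmd="$1"
    case "$cmd" in
        *\&*|*\|*|*\;*|*\>*|*\<*|*\!*) return 1 ;;   # list from the original script
        *\`*|*\$*|*\(*|*\)*|*\\*) return 1 ;;        # substitutions and escapes
        *\**|*\?*|*\[*) return 1 ;;                  # globs expand in an unquoted $cmd
        */..*) return 1 ;;                           # no climbing out of BACKUP_ROOT
    esac
    set -f; set -- $cmd; set +f                      # split into words, no globbing
    case "$1" in rsync|/usr/bin/rsync) ;; *) return 1 ;; esac
    [ "$2" = "--server" ] && [ "$3" = "--sender" ] || return 1
    shift 3
    # Option words come before the "." that precedes the paths.
    while [ $# -gt 0 ] && [ "$1" != "." ]; do
        case "$1" in
            --*) return 1 ;;   # long options (e.g. source deletion) denied by default
            -*)  shift ;;
            *)   return 1 ;;
        esac
    done
    [ $# -ge 2 ] || return 1   # "." plus at least one path must be present
    shift
    for p in "$@"; do
        case "$p" in
            "$BACKUP_ROOT"|"$BACKUP_ROOT"/*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# In the forced-command script:
#   backup_cmd_allowed "$SSH_ORIGINAL_COMMAND" || { echo invalid command; exit 1; }
```

A request whose paths are not on the command line is refused rather than passed through. rsync also ships a helper script, rrsync, written for the same restricted-key purpose.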
That's what I meant with "In OMV: import the key". You do not have to create one inside OMV, but you can import an existing one.
Yes. That works too (via manual copy/paste)
Now the last step before sending real data across the Internet would be for me to test if the traffic of my new SSH tunnel is actually encrypted.
Do you know how to test this?
I think I once saw something about reading the SSH status messages at the destination during a tunnel transfer.
Have you tried any tests?
ssh is always encrypted. Use the -v flag to ssh to see log messages.
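What to look for in the `ssh -v` output mentioned above, as an added example that is not part of the thread: the two `kex: ... cipher:` debug lines name the cipher negotiated for each direction. The sample log is constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: read `ssh -v` debug output on stdin and report the
# cipher negotiated for each direction of the session.
negotiated_ciphers() {
    awk '$1 == "debug1:" && $2 == "kex:" && $4 == "cipher:" { print $3, $5 }'
}

# Exit 0 only if both directions were negotiated with a cipher other than "none".
ssh_log_encrypted() {
    negotiated_ciphers | awk '
        $2 == "none" || $2 == "" { bad = 1 }
        { seen[$1] = 1 }
        END { exit !(seen["server->client"] && seen["client->server"] && !bad) }'
}

# Constructed sample of the relevant part of an `ssh -v` log.
sample_log() {
    cat <<'EOF'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: SSH2_MSG_NEWKEYS sent
EOF
}

# Against a real host (ssh writes its debug output to stderr):
#   ssh -v -i <key_file> user1@target true 2>&1 | negotiated_ciphers
```

The `compression: none` field on those lines refers to compression only and is not the cipher.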