Adam Goryachev wrote at about 01:40:31 +1000 on Thursday, April 28, 2011:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 28/04/11 01:11, Michael Stowe wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> I've got a number of random people's home PC's that I backup (friends
> >> and relatives etc), and I'm wondering what methods people use to handle
> >> this sort of environment.
> >>
> >> My latest method is to use the following components:
> >> 1) dynamic DNS to find them
> >> 2) static IP on the machine
> >> 3) static port forwarding on their home modem/router
> >> 4) install and configure cygwin SSH and rsync (not rsyncd)
> >>
> >> This method works pretty well for backing up non-open files (ie, the
> >> users real documents/etc).
> >
> > Your step #4 I don't do, instead, I just copy a directory and use the open
> > file backup method outlined here:
> >
> > http://www.goodjobsucking.com/?p=62
>
> The first problem I see with this is that it requires the windows box to
> be completely visible on the public IP... or at least enough port
> forwarding as to expose the ADMIN$ share so that winexe can connect
> remotely and execute the pre-exec.cmd etc...
I agree and have been hesitant to use winexe even on a LAN. It
certainly is a potential security hole. Instead, I wrote (and posted)
a script that uses ssh to create shadow copies and then sets up
rsyncd (which is of course also a security hole unless tunneled over ssh)
However, my script has only been tested on WinXP -- it requires some
(minor) changes to work on Vista and Windows 7 since Microsoft's
vshadow.exe has changed its interface between versions. It should,
however, be simpler using Vista/Win7 since vshadow supports persistent
shadow copies on those versions so you don't need to use a cmd.exe script
hack to keep the shadow up and then take it down when the backup is
finished.
Second, you probably would want to use rsync-over-ssh rather than
naked rsyncd if you are doing this over the public Internet. This
would actually be significantly simpler than my rsyncd script which
dynamically rewrites the rsyncd.conf and automatically starts/stops
the rsyncd service (Note: I wrote the script to use rsyncd for several
reasons. Most importantly, at the time cygwin rsync was broken and
BackupPC only worked on cygwin/Windows with rsyncd. Second, rsyncd is
faster on slow machines since you don't need to encrypt over
ssh. Third, rewriting rsyncd.conf to re-assign the rsyncd module names
to the new shadow mounts allows me to make the backup process
independent of what the shadow mounts are named)
All that being said, I have been meaning to update my script to work
with Win7 for a long time but just haven't had the spare cycles to do
that...
> I'd prefer to restrict the external visibility to port 22, and restrict
> that to key logins only...
>
> I can't be responsible for exposing peoples machines to attacks by
> worms/virus/hackers/script kiddies/etc...
>
> Certainly solves some of the software installation and open files backup
> though...
>
> Could that method be used over SSH? That would help the open files, but
> then lead back to the same installation problem of installing SSH and
> the service/etc...
It should be possible to tunnel just about anything (including
win.exe) over ssh if you have the ability to specify ports and if you
take the time to play with it...
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
