Until recently, I used Digital Ocean’s backup service, which takes snapshots of the whole drive, but would have added a cost to my monthly bill and the service is triggered when DO deems that sufficient changes have happened on the drive.
I’d rather have a backup process I have more control over.
SSH from server to local machine
However, only the backup destination could be remote, not the source. So the script had to be run on the server and the destination had to be a disk connected to my laptop (the one I was SSH-ing from).
My router is notoriously difficult to set up to allow port forwarding and I didn’t want to open up my laptop to random SSH attempts on the wild internet. So I decided to use RemotePortForwarding. There were a few hoops I had to jump through, though.
Then I tested it:
It prompted me for my password and it worked!
Making SSH easier
However, having the machine prompt me for a password each time it ran a command on my local machine was not going to work (ssh is called several times during the operation to test for markers, old backups, etc.). Hence, I generated an SSH key pair on the remote server:
Then I copied the id_rsa.pub, which was also generated on the server, to my ~/.ssh/authorized_keys. However, since I was going to run the backup command with a sudo, I had to move the id_rsa to the
Now, running SSH commands on my local computer didn’t need me to enter a password on the remote machine and the SSH port will be exposed only during the duration of my connection to the server.
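A key placed in the laptop's ~/.ssh/authorized_keys without options gives whoever holds the server's id_rsa a full login on the laptop while the tunnel is up. The following is an added example, not part of the original post, that prefixes the key with OpenSSH restrictions and audits the file for unrestricted entries; the user, host and key values are constructed placeholders, and it assumes OpenSSH 7.2 or later and a backup tool that only runs non-interactive commands.

```shell
#!/bin/sh
# Added example. Key material, user and host names are constructed placeholders.
#
# Laptop side: open the tunnel, bound to the server's loopback only, so the
# server can reach the laptop's sshd on port 2000 while the session lasts:
#   ssh -R 127.0.0.1:2000:localhost:22 user@server.example

# Prefix a public key with options limiting what it may do on the laptop.
# "restrict" disables pty allocation and agent, X11 and port forwarding;
# from= accepts the key only for logins arriving via loopback, which is where
# connections coming out of the reverse tunnel originate.
harden_key_line() {
    printf 'restrict,from="127.0.0.1,::1" %s\n' "$1"
}

# Report keys that have no options in front of the key type, i.e. keys that
# grant an unrestricted login. Comment and blank lines are skipped.
audit_authorized_keys() {
    awk '/^[[:space:]]*(#|$)/ { next }
         $1 ~ /^(ssh-|ecdsa-|sk-)/ { print "unrestricted key on line " NR }' "$1"
}

# Append the hardened form of a public key to an authorized_keys file unless
# it is already present, and keep the file private to its owner.
install_hardened_key() {
    file=$1
    line=$(harden_key_line "$2")
    touch "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
    chmod 600 "$file"
}
```

On the laptop, `install_hardened_key ~/.ssh/authorized_keys "$(cat id_rsa.pub)"` adds the restricted entry, and `audit_authorized_keys ~/.ssh/authorized_keys` lists any keys still installed without options.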
What to backup
Then to prepare the exclude file, I took inspiration from a Digital Ocean blog post and wrote the following in
I erred on the side of safety, backing up my entire config along with the binaries.
It turned out that eaut had built on top of rsync-time-backup and had added features which were going to be necessary for me to use it, i.e. specifying a custom port to SSH to: -p 2000. Hence, I checked it out on the remote machine.
This was the command I finally ran on the remote machine:
The first run is expected to last a rather long time as the whole server is backed up.
To make things a little more comfortable for myself, I slipped the following
Now I have a way to SSH back to my local machine every time I SSH into my