Using rsync and cron to automate incremental backups

Data loss is a serious concern for both individuals and companies that rely on computers for their everyday life or operations. Those who have a Unix-based system have powerful tools to prevent this, such as rsync to back up the information and cron to automate the backup process. In previous posts I wrote about the basics of rsync and its usage as a daemon, as well as the basics of cron. In this post the focus is on the backup functionality of rsync, and its combined use with cron to automate the backup process.

How to create a reverse SSH tunnel

Sometimes, when we need to connect via SSH to another computer, we find that the computer we intend to SSH into (which we are going to call "destiny") is behind NAT and therefore does not have a public IP address that we could use to connect to it, or it is behind a firewall that does not allow access from the outside.

If "destiny" can successfully establish an SSH connection to another computer that is accessible, we can use this second computer to establish a reverse SSH tunnel to our "destiny" computer. We are going to call this second computer "origin" (even if it is not actually the computer that we are going to use to manage "destiny" remotely, but only a bridge).

Defining SSH servers

If we often need to log in to the same SSH server(s), typing the entire connection command every time becomes tedious. A connection command may look something like this:

ssh -p 34567 username@subdomain.domain.tld

Instead, we can create an SSH configuration file that allows us to define the parameters of a server, and then start a connection to it by simply typing the name that we gave it.

Passwordless SSH using digital signatures

When we log in to a server via SSH, one way to authenticate that does not require a password is to use digital signatures. In this case we generate a key pair (a public key and a private key), and then add our public key to the list of authorized keys on the server that we want to be able to log in to.