How to set up an rsync backup to Ubuntu securely?
Posted
by
ws_e_c421
on Ask Ubuntu
See other posts from Ask Ubuntu
or by ws_e_c421
Published on 2012-12-17T15:08:24Z
Indexed on
2012/12/17
17:14 UTC
Read the original article
Hit count: 178
I have been following various other tutorials and blog posts on setting up a Ubuntu machine as a backup "server" (I'll call it a server, but it's just running Ubuntu desktop) that I push new files to with rsync. Right now, I am able to connect to the server from my laptop using rsync and ssh with an RSA key that I created and no password prompt when my laptop is connected to my home router that the server is also connected to. I would like to be able to send files from my laptop when I am away from home. Some of the tutorials I have looked at had some brief suggestions about security, but they didn't focus on them.
What do I need to do to let my laptop with send files to the server without making it too easy for someone else to hack into the server?
Here is what I have done so far:
Ran ssh-keygen and ssh-copy-id to create a key pair for my laptop and server.
Created a script on the server to write its public ip address to a file, encrypt the file, and upload to an ftp server I have access to (I know I could sign up for a free dynamic DNS account for this part, but since I have the ftp account and don't really need to make the ip publicly accessible I thought this might be better).
Here are the things I have seen suggested:
Port forwarding: I know I need to assign the server a fixed ip address on the router and then tell the router to forward a port or ports to it. Should I just use port 22 or choose a random port and use that?
Turn on the firewall (ufw). Will this do anything, or will my router already block everything except the port I want?
Run fail2ban.
Are all of those things worth doing? Should I do anything else? Could I set up the server to allow connections with the RSA key only (and not with a password), or will fail2ban provide enough protection against malicious connection attempts? Is it possible to limit the kinds of connections the server allows (e.g. only ssh)?
I hope this isn't too many questions. I am pretty new to Ubuntu (but use the shell and bash scripts on OSX). I don't need to have the absolute most secure set up. I'd like something that is reasonably secure without being so complicated that it could easily break in a way that would be hard for me to fix.
© Ask Ubuntu or respective owner