How to set up an rsync backup to Ubuntu securely?

Posted by ws_e_c421 on Ask Ubuntu See other posts from Ask Ubuntu or by ws_e_c421
Published on 2012-12-17T15:08:24Z Indexed on 2012/12/17 17:14 UTC
Read the original article Hit count: 174

Filed under:
|
|
|

I have been following various other tutorials and blog posts on setting up a Ubuntu machine as a backup "server" (I'll call it a server, but it's just running Ubuntu desktop) that I push new files to with rsync. Right now, I am able to connect to the server from my laptop using rsync and ssh with an RSA key that I created and no password prompt when my laptop is connected to my home router that the server is also connected to. I would like to be able to send files from my laptop when I am away from home. Some of the tutorials I have looked at had some brief suggestions about security, but they didn't focus on them.

What do I need to do to let my laptop with send files to the server without making it too easy for someone else to hack into the server?

Here is what I have done so far:

  • Ran ssh-keygen and ssh-copy-id to create a key pair for my laptop and server.

  • Created a script on the server to write its public ip address to a file, encrypt the file, and upload to an ftp server I have access to (I know I could sign up for a free dynamic DNS account for this part, but since I have the ftp account and don't really need to make the ip publicly accessible I thought this might be better).

Here are the things I have seen suggested:

  • Port forwarding: I know I need to assign the server a fixed ip address on the router and then tell the router to forward a port or ports to it. Should I just use port 22 or choose a random port and use that?

  • Turn on the firewall (ufw). Will this do anything, or will my router already block everything except the port I want?

  • Run fail2ban.

Are all of those things worth doing? Should I do anything else? Could I set up the server to allow connections with the RSA key only (and not with a password), or will fail2ban provide enough protection against malicious connection attempts? Is it possible to limit the kinds of connections the server allows (e.g. only ssh)?

I hope this isn't too many questions. I am pretty new to Ubuntu (but use the shell and bash scripts on OSX). I don't need to have the absolute most secure set up. I'd like something that is reasonably secure without being so complicated that it could easily break in a way that would be hard for me to fix.

© Ask Ubuntu or respective owner

Related posts about ssh

Related posts about backup