Difference between revisions of "Rsyncd setup on a windows computer for use with Affa backup"
From SME Server
Jump to navigationJump to search (References) |
m (→Purpose) |
||
| (18 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
| − | |||
| − | |||
=== Purpose === | === Purpose === | ||
Using Cygwin rsync on a Windows computer to backup it remotely over ssh does not work as the Cygwin rsync process hangs. This problem has been reported frequently but was not solved yet. The only known workaround is running the rsync daemon. | Using Cygwin rsync on a Windows computer to backup it remotely over ssh does not work as the Cygwin rsync process hangs. This problem has been reported frequently but was not solved yet. The only known workaround is running the rsync daemon. | ||
This document describes the installation and configuration of the rsync daemon in the cygwin environment on a Windows XP computer for the purpose to backup data using the Affa backup software. | This document describes the installation and configuration of the rsync daemon in the cygwin environment on a Windows XP computer for the purpose to backup data using the Affa backup software. | ||
| + | |||
| + | Affa versions 0.9.0 or higher support the rsyncd protocol. | ||
| + | |||
| + | {{Note box| Cygwin requires a Windows OS with NTFS file system. Does not work on FAT32 file system}} | ||
| + | {{Note box| The latest and maintained version of this Howto can be found [http://wiki.nikoforge.org/ here].}} | ||
=== Installation === | === Installation === | ||
| − | Login | + | Login with the '''local''' Administrator account and create a folder C:\cygwin. Save http://cygwin.com/setup.exe to this folder and run it: |
| + | |||
[[Image:Cygwin-install-screenshot-1.png]] | [[Image:Cygwin-install-screenshot-1.png]] | ||
| Line 26: | Line 29: | ||
* from category Net: openssh, rsync | * from category Net: openssh, rsync | ||
* from category Editor: vim (or any other editor of your choice) | * from category Editor: vim (or any other editor of your choice) | ||
| + | * from category Utils: diffutils | ||
[[Image:Cygwin-install-screenshot-7.png]] | [[Image:Cygwin-install-screenshot-7.png]] | ||
| Line 33: | Line 37: | ||
=== Configuration === | === Configuration === | ||
| − | |||
| − | |||
| − | |||
Run the ''Cygwin Bash Shell'' from the ''Start Menu''. | Run the ''Cygwin Bash Shell'' from the ''Start Menu''. | ||
| − | ==== Configuring sshd Service ==== | + | ==== Configuring the sshd Service ==== |
{{Note box|The sshd service is not needed for the Affa backup but it is quite useful to have a ssh login for configuration or viewing log files. You can skip this step, if you don't need ssh login.}} | {{Note box|The sshd service is not needed for the Affa backup but it is quite useful to have a ssh login for configuration or viewing log files. You can skip this step, if you don't need ssh login.}} | ||
| Line 44: | Line 45: | ||
ssh-host-config | ssh-host-config | ||
You are asked a few questions. Answer them as shown in the script dialog below (in bold text). | You are asked a few questions. Answer them as shown in the script dialog below (in bold text). | ||
| + | |||
| + | ===== On Windows Vista ===== | ||
| + | {{Incomplete}} | ||
| + | . | ||
| + | |||
| + | ===== On Windows XP, Windows 2000 Workstation and Windows 2000 Server ===== | ||
Generating /etc/ssh_host_key | Generating /etc/ssh_host_key | ||
Generating /etc/ssh_host_rsa_key | Generating /etc/ssh_host_rsa_key | ||
| Line 56: | Line 63: | ||
Should this script create a local user 'sshd' on this machine? (yes/no) '''yes''' | Should this script create a local user 'sshd' on this machine? (yes/no) '''yes''' | ||
Generating /etc/sshd_config file | Generating /etc/sshd_config file | ||
| − | Added ssh to | + | Added ssh to F:\WINDOWS\system32\drivers\etc\services |
| + | |||
| + | Warning: The following functions require administrator privileges! | ||
| + | |||
| + | Do you want to install sshd as service? | ||
| + | (Say "no" if it's already installed as service) (yes/no) '''yes''' | ||
| + | |||
| + | Which value should the environment variable CYGWIN have when | ||
| + | sshd starts? It's recommended to set at least "ntsec" to be | ||
| + | able to change user context without password. | ||
| + | Default is "ntsec". CYGWIN='''ntsec''' | ||
| + | |||
| + | The service has been installed under LocalSystem account. | ||
| + | To start the service, call `net start sshd' or `cygrunsrv -S sshd'. | ||
| + | |||
| + | Host configuration finished. Have fun! | ||
| + | |||
| + | ===== On Windows Server 2003 ===== | ||
| + | Choose a random string for the password. You'll never need it again. | ||
| + | Generating /etc/ssh_host_key | ||
| + | Generating /etc/ssh_host_rsa_key | ||
| + | Generating /etc/ssh_host_dsa_key | ||
| + | Generating /etc/ssh_config file | ||
| + | Privilege separation is set to yes by default since OpenSSH 3.3. | ||
| + | However, this requires a non-privileged account called 'sshd'. | ||
| + | For more info on privilege separation read /usr/share/doc/openssh/README.privsep. | ||
| + | Should privilege separation be used? (yes/no) '''yes''' | ||
| + | Warning: The following function requires administrator privileges! | ||
| + | Should this script create a local user 'sshd' on this machine? (yes/no) '''yes''' | ||
| + | Generating /etc/sshd_config file | ||
Warning: The following functions require administrator privileges! | Warning: The following functions require administrator privileges! | ||
| Line 63: | Line 99: | ||
Do you want to install sshd as service? | Do you want to install sshd as service? | ||
(Say "no" if it's already installed as service) (yes/no) '''yes''' | (Say "no" if it's already installed as service) (yes/no) '''yes''' | ||
| + | |||
| + | You appear to be running Windows 2003 Server or later. On 2003 and | ||
| + | later systems, it's not possible to use the LocalSystem account | ||
| + | if sshd should allow passwordless logon (e. g. public key authentication). | ||
| + | If you want to enable that functionality, it's required to create a new | ||
| + | account 'sshd_server' with special privileges, which is then used to run | ||
| + | the sshd service under. | ||
| + | |||
| + | Should this script create a new local account 'sshd_server' which has | ||
| + | the required privileges? (yes/no) '''yes''' | ||
| + | |||
| + | Please enter a password for new user 'sshd_server'. Please be sure that | ||
| + | this password matches the password rules given on your system. | ||
| + | Entering no password will exit the configuration. PASSWORD='''Xesp348RfnMes''' | ||
| + | |||
| + | User 'sshd_server' has been created with password 'Xesp348RfnMes'. | ||
| + | If you change the password, please keep in mind to change the password | ||
| + | for the sshd service, too. | ||
| + | |||
| + | Also keep in mind that the user sshd_server needs read permissions on all | ||
| + | users' .ssh/authorized_keys file to allow public key authentication for | ||
| + | these users!. (Re-)running ssh-user-config for each user will set the | ||
| + | required permissions correctly. | ||
| + | |||
Which value should the environment variable CYGWIN have when | Which value should the environment variable CYGWIN have when | ||
sshd starts? It's recommended to set at least "ntsec" to be | sshd starts? It's recommended to set at least "ntsec" to be | ||
able to change user context without password. | able to change user context without password. | ||
| − | Default is "ntsec". CYGWIN= | + | Default is "ntsec". CYGWIN='''ntsec''' |
| − | The service has been installed under | + | The service has been installed under sshd_server account. |
| + | To start the service, call `net start sshd' or `cygrunsrv -S sshd'. | ||
Host configuration finished. Have fun! | Host configuration finished. Have fun! | ||
| + | |||
Start the sshd service | Start the sshd service | ||
net start sshd | net start sshd | ||
| − | Don't forget to open port 22 in the Windows firewall. | + | Don't forget to open port 22 for the IP address of the Affa server in the Windows firewall. |
| + | |||
| − | + | Testing | |
ssh Administrator@localhost | ssh Administrator@localhost | ||
| − | ==== Configuring rsyncd Service ==== | + | ==== Configuring the rsyncd Service ==== |
| − | Create the /etc/rsyncd. | + | Create the /etc/rsyncd.secrets file and add the user affa with password '''secretword''' separated by a colon. Replace the placeholder '''secretword''' by a strong password. The user 'affa' does not need to exist on the local system. |
affa:'''secretword''' | affa:'''secretword''' | ||
| Line 104: | Line 167: | ||
path = /cygdrive | path = /cygdrive | ||
comment = cygdrive root dir | comment = cygdrive root dir | ||
| − | Uid 18 is the userid of the System account | + | Uid 18 is the userid of the System account. Gid 544 is the groupid of the Administrators group (may be shown as root/gid 0 on the Cygwin console). |
| Line 114: | Line 177: | ||
Start the rsyncd service | Start the rsyncd service | ||
net start rsyncd | net start rsyncd | ||
| − | Don't forget to open port 873 in the Windows firewall. | + | Don't forget to open port 873 for the IP address of the Affa server in the Windows firewall. |
| + | |||
| + | |||
| + | Testing | ||
| − | |||
Login the Affa server and run the following command, where IP_ADDRESS is the IP address of the Windows computer. | Login the Affa server and run the following command, where IP_ADDRESS is the IP address of the Windows computer. | ||
rsync -av affa@IP_ADDRESS::'AFFA/' | rsync -av affa@IP_ADDRESS::'AFFA/' | ||
You should receive a file list of all your drives. | You should receive a file list of all your drives. | ||
| − | |||
=== Security === | === Security === | ||
The rsync daemon protocol does not provide any encryption of the data that is transferred over the connection. Use it only in the local net or VPN. | The rsync daemon protocol does not provide any encryption of the data that is transferred over the connection. Use it only in the local net or VPN. | ||
| + | |||
| + | === Uninstall === | ||
| + | * Login with the local Administrator account and run the ''Cygwin Bash Shell'' | ||
| + | * Stop services | ||
| + | net stop sshd | ||
| + | net stop rsyncd | ||
| + | * Uninstall services | ||
| + | sc delete sshd | ||
| + | sc delete rsyncd | ||
| + | * Remove local user sshd | ||
| + | net user /delete sshd | ||
| + | * Remove local sshd_server ''(Windows 2003 server only)'' | ||
| + | net user /delete sshd_server | ||
| + | * Close the ''Cygwin Bash Shell'' | ||
| + | * Remove folder c:\cygwin | ||
=== References === | === References === | ||
| + | * [[Affa]] Contrib | ||
* http://marc-abramowitz.com/archives/2007/10/14/solving-rsync-hangs-with-cygwin/ | * http://marc-abramowitz.com/archives/2007/10/14/solving-rsync-hangs-with-cygwin/ | ||
| + | |||
| + | [[Category: Backup]] | ||
| + | [[Category: Howto]] | ||
Revision as of 03:34, 12 November 2011
Purpose
Using Cygwin rsync on a Windows computer to backup it remotely over ssh does not work as the Cygwin rsync process hangs. This problem has been reported frequently but was not solved yet. The only known workaround is running the rsync daemon.
This document describes the installation and configuration of the rsync daemon in the cygwin environment on a Windows XP computer for the purpose to backup data using the Affa backup software.
Affa versions 0.9.0 or higher support the rsyncd protocol.
Installation
Login with the local Administrator account and create a folder C:\cygwin. Save http://cygwin.com/setup.exe to this folder and run it:
Select a nearby mirror
Select the packages to install (in addtion to the already selected defaults):
- from category Net: openssh, rsync
- from category Editor: vim (or any other editor of your choice)
- from category Utils: diffutils
Configuration
Run the Cygwin Bash Shell from the Start Menu.
Configuring the sshd Service
Run the sshd configuration script.
ssh-host-config
You are asked a few questions. Answer them as shown in the script dialog below (in bold text).
On Windows Vista
.
On Windows XP, Windows 2000 Workstation and Windows 2000 Server
Generating /etc/ssh_host_key Generating /etc/ssh_host_rsa_key Generating /etc/ssh_host_dsa_key Generating /etc/ssh_config file Privilege separation is set to yes by default since OpenSSH 3.3. However, this requires a non-privileged account called 'sshd'. For more info on privilege separation read /usr/share/doc/openssh/README.privsep. Should privilege separation be used? (yes/no) yes Warning: The following function requires administrator privileges! Should this script create a local user 'sshd' on this machine? (yes/no) yes Generating /etc/sshd_config file Added ssh to F:\WINDOWS\system32\drivers\etc\services Warning: The following functions require administrator privileges! Do you want to install sshd as service? (Say "no" if it's already installed as service) (yes/no) yes Which value should the environment variable CYGWIN have when sshd starts? It's recommended to set at least "ntsec" to be able to change user context without password. Default is "ntsec". CYGWIN=ntsec The service has been installed under LocalSystem account. To start the service, call `net start sshd' or `cygrunsrv -S sshd'. Host configuration finished. Have fun!
On Windows Server 2003
Choose a random string for the password. You'll never need it again.
Generating /etc/ssh_host_key Generating /etc/ssh_host_rsa_key Generating /etc/ssh_host_dsa_key Generating /etc/ssh_config file Privilege separation is set to yes by default since OpenSSH 3.3. However, this requires a non-privileged account called 'sshd'. For more info on privilege separation read /usr/share/doc/openssh/README.privsep. Should privilege separation be used? (yes/no) yes Warning: The following function requires administrator privileges! Should this script create a local user 'sshd' on this machine? (yes/no) yes Generating /etc/sshd_config file Warning: The following functions require administrator privileges! Do you want to install sshd as service? (Say "no" if it's already installed as service) (yes/no) yes You appear to be running Windows 2003 Server or later. On 2003 and later systems, it's not possible to use the LocalSystem account if sshd should allow passwordless logon (e. g. public key authentication). If you want to enable that functionality, it's required to create a new account 'sshd_server' with special privileges, which is then used to run the sshd service under. Should this script create a new local account 'sshd_server' which has the required privileges? (yes/no) yes Please enter a password for new user 'sshd_server'. Please be sure that this password matches the password rules given on your system. Entering no password will exit the configuration. PASSWORD=Xesp348RfnMes User 'sshd_server' has been created with password 'Xesp348RfnMes'. If you change the password, please keep in mind to change the password for the sshd service, too. Also keep in mind that the user sshd_server needs read permissions on all users' .ssh/authorized_keys file to allow public key authentication for these users!. (Re-)running ssh-user-config for each user will set the required permissions correctly. Which value should the environment variable CYGWIN have when sshd starts? It's recommended to set at least "ntsec" to be able to change user context without password. Default is "ntsec". CYGWIN=ntsec The service has been installed under sshd_server account. To start the service, call `net start sshd' or `cygrunsrv -S sshd'. Host configuration finished. Have fun!
Start the sshd service
net start sshd
Don't forget to open port 22 for the IP address of the Affa server in the Windows firewall.
Testing
ssh Administrator@localhost
Configuring the rsyncd Service
Create the /etc/rsyncd.secrets file and add the user affa with password secretword separated by a colon. Replace the placeholder secretword by a strong password. The user 'affa' does not need to exist on the local system.
affa:secretword
Set secure permissions on /etc/rsyncd.secrets
chown 18.544 /etc/rsyncd.secrets chmod 660 /etc/rsyncd.secrets
Create the /etc/rsyncd.conf configuration file. Replace the placeholder AFFA_IP by the ip address of your Affa server.
gid = 544 uid = 18 hosts allow = AFFA_IP auth users = affa secrets file = /etc/rsyncd.secrets strict modes = true read only = true use chroot = no transfer logging = true log format = %h %o %f %l %b log file = /var/log/rsyncd.log [AFFA] path = /cygdrive comment = cygdrive root dir
Uid 18 is the userid of the System account. Gid 544 is the groupid of the Administrators group (may be shown as root/gid 0 on the Cygwin console).
Install rsyncd as a service.
cygrunsrv --install "rsyncd" --path /usr/bin/rsync --args "--daemon --no-detach" \ --desc "Starts a rsync daemon for accepting incoming rsync connections" \ --disp "Rsync Daemon" --type auto
Start the rsyncd service
net start rsyncd
Don't forget to open port 873 for the IP address of the Affa server in the Windows firewall.
Testing
Login the Affa server and run the following command, where IP_ADDRESS is the IP address of the Windows computer.
rsync -av affa@IP_ADDRESS::'AFFA/'
You should receive a file list of all your drives.
Security
The rsync daemon protocol does not provide any encryption of the data that is transferred over the connection. Use it only in the local net or VPN.
Uninstall
- Login with the local Administrator account and run the Cygwin Bash Shell
- Stop services
net stop sshd net stop rsyncd
- Uninstall services
sc delete sshd sc delete rsyncd
- Remove local user sshd
net user /delete sshd
- Remove local sshd_server (Windows 2003 server only)
net user /delete sshd_server
- Close the Cygwin Bash Shell
- Remove folder c:\cygwin
