Remote Backup of Windows Boxes w/o Samba?

reezle asks: "I'm looking for a good (free as in beer) method to have my Debian server back up some remote Windows machines. There is no Samba in the mix; this is supposed to be a strictly secure internet thing. I've been toying with OpenSSH on the windows computers as a good tunnel, thought of simple tools like ntbackup initiated from a script on the Linux box, but not all of the pieces have come together yet. I need to have the Linux box make the connection, back up data (full and incremental backups) and have that backup data get back to the Linux machine in an encrypted format (across the wild internet). Has anyone done something like this?"

Idea,

[MoOsEb0y]

Install an SSH Server on the windows machine, use SHFS [sf.net] to mount the remote filesystem to a directory, then use rsync to copy it.

Three letters: SCP.

[GregChant]

Your best bet, in a cheap and dirty solution, is to use SCP. Set up a cron job to securely copy the files you need. No muss, no fuss, no samba, and all encrypted.

cron+scp

[Cranx]

Have cron create a .tgz backup regularly, and download it through scp on your Windows machine.

Why not samba?

[Anonymous Coward]

Can't you set up a vpn between the two pc's with OpenVPN, and use samba over the VPN?

Backup

[m0rph3us0]

Use the windows backup program to have windows make the backups then have Windows copy them to the debian box via scp.

Or.... put Samba on the Debian box, use port forwarding and the loopback adapter to create a tunnel to the samba box and have the windows backup program write to the samba share which is only listens on 127.0.1.1

setup on windows box:
Loopback IP: 172.168.254.1
Real IP: XX.XX.XX.XX
SSH port forward from Local 172.168.254.1:139 to remote 127.0.0.1:139

Create an account for each machine on the debian box.

Windows backs up to \\172.168.254.1\MACHINENAME

Might give Unison a Try

[namtro]

I've had fairly good experiences with the Unison [upenn.edu] product. It works similarly to rsync [anu.edu.au] but with a few enhanced features. And I quote...

• Unison runs on both Windows (95, 98, NT, and 2k) and Unix (Solaris, Linux, etc.) systems. Moreover, Unison works across platforms, allowing you to synchronize a Windows laptop with a Unix server, for example.
• Unlike a distributed filesystem, Unison is a user-level program: there is no need to hack (or own!) the kernel, or to have superuser privileges on either host.
• Unlike simple mirroring or backup utilities, Unison can deal with updates to both replicas of a distributed directory structure. Updates that do not conflict are propagated automatically. Conflicting updates are detected and displayed.
• Unison works between any pair of machines connected to the internet, communicating over either a direct socket link or tunneling over an rsh or an encrypted ssh connection. It is careful with network bandwidth, and runs well over slow links such as PPP connections. Transfers of small updates to large files are optimized using a compression protocol similar to rsync.
• Unison has a clear and precise specification.
• Unison is resilient to failure. It is careful to leave the replicas and its own private structures in a sensible state at all times, even in case of abnormal termination or communication failures.
• Unison is free; full source code is available under the GNU Public License.

Anyway, you might give it a look...

Re:Cygwin + rsync

[Filoseta]

To expand on this slightly, I have had good success with duplicity [nongnu.org].

It supports gpg signing and encrypting of archives and provides direct support for scp/ssh as a transport while handling full and incremental backups very nicely (well, after I wrote a few wrapper scripts just to make my life easier).

I have not used it on windows with cygwin, but I know people who are.

Re:Idea,

[nocomment]

I do this [oreilly.com] on my linux boxes and it works really well. A quick google talks about people doing this between *nix and windows.

Look at rdiff-backup

[cornice]

Take a look at rdiff-backup [stanford.edu]. I've been very impressed with it. From the website:

rdiff-backup backs up one directory to another, possibly over a network. The target directory ends up a copy of the source directory, but extra reverse diffs are stored in a special subdirectory of that target directory, so you can still recover files lost some time ago. The idea is to combine the best features of a mirror and an incremental backup. rdiff-backup also preserves subdirectories, hard links, dev files, permissions, uid/gid ownership, and modification times. Also, rdiff-backup can operate in a bandwidth efficient manner over a pipe, like rsync. Thus you can use rdiff-backup and ssh to securely back a hard drive up to a remote location, and only the differences will be transmitted. Finally, rdiff-backup is easy to use and settings have sensical defaults.


I found it to be very fast and reliable. And yes, it aparently does work under Windows [stanford.edu].

Re:Bacula

[GLHMarmot]

I use bacula extensively between various flavours of linux and windows. It just works. You can set your retention period and it will automatically purge old information. It will write to various backup media (tape, disk etc) and create volume sizes of your choice.

I use OpenVpn for encrypted connectivity between the machines as I am backing up a number of them across the net. It also has linux and windows clients.

One caveat is that I don't use it to backup the entire system. I back up the users' data and configuration information as the rest can be easily restored from the original media.

dual boot to linux

[kyuso]

I dual-boot to linux in all the Windows PC (Every PC has linux boot) then use ssh/rsync to backup the whole Windows directory. Of course all windows partition must be FAT32 (even for WinXP) or something read/writable by linux. Then ssh reboot to Windows.

Nothing fancy to do on Windows. It takes 10 to 30 minutes to restore Windows to the way it was exactly when it was backed up, including XP. Without linux, it would have taken a whole day with all the patches, drivers, exact configuration, applications install, more patches, etc. etc.

Quick and Dirty Secure Win-Lin backup

[Proteus]

I've got a quick-and-dirty solution that I use for off-site backups of a relative's Windows network. This may not be exactly what you need, but hopefully it gets you started in the right direction.

First, I create backup files. To do this, I use the Backup utility built into Windows (for better or worse). Of course, this assumes you have enough freespace on your Windows volumes to accomodate the backups...

On the server side, I set up an FTP daemon and an OpenSSH daemon. The FTP daemon is configured to only accept connections from localhost, so one must log in via SSH to transfer via FTP.

Then, I use a simple Win script to

1. open a key-authenticated SSH session with PuTTY (configured to tunnel FTP connections)
2. establish an FTP connection with localhost on the Win machine (initiates tunnelled connection)
3. transfer the files with FTP over the secure link

This has worked fantastically well for me, and the only thing I didn't already have was PuTTY. It's also as secure as any other SSH activity (pretty darn secure), and if you make the SSH session log in as a restricted "backup" user, it becomes very difficult to use this system to escalate privileges on the server.