Script for transferring files over the internet via a Cron task

I want to add a bit to a backup script that will transfer a file to another server, over the internet.

My cron currently does a pg_dump of a database into a file on the local machine, I want to then push that file to remote location, it needs to be secure (thinking SSH/SCP/SFTP but I'm open to suggestions).

I don't want to mount a directory from the remote server as I'm going over the internet, and my perception is that isn't very secure.

both machines are running ubuntu, 11.04 on one, and 12.04.2 on the source machine.

Additionally, I then want to push the file to multiple backup locations, but I'm assuming that once I have I commandline I can just rinse and repeat in the script.

I've looked at scp and sftp, but both require a password to be supplied interactively it seems.

Martin

Posted 2013-07-24T21:39:30.687

Reputation: 163

Answers

You can implement a ssh-key between both servers with ssh-keygen and then ssh-copy-id. That configurations permits that scp, ssh can work without password, with encryption of data.

cfreire

Posted 2013-07-24T21:39:30.687

Reputation: 141

"Secure" is relative to whatever protocol you are using. If you mount the directory via sshfs over the internet, it will be plenty secure because of the normal ssh encryption. It will even warn you if somebody has spoofed the server and its fingerprint has changed so that you aren't tricked into accidentally uploading your packet to somebody else's server.

Another thing you can try is to use VPN to establish a secure connection to either your home network from your server or the other way around. Then you can feel free to use unsecured things like nfs (without sec=krb5p) and have the directory mounted.

You could also try using NFS with Kerberos 5 per this answer and not worrying about using the VPN stuff, but according to that answer, exposing those ports publicly could, if an issue came up, expose vulnerabilities.

The scp option is good too, but I have honestly found that it slows things down unless you have a very good internet connection, a fast server (in terms of processing power), and ssh keys set up.

My own personal solution for this would be VPN + nfs and use your existing script to dump into the nfs-mounted folder which would be, in reality, on the other machine. You can even set the folder to mount automagically when the server becomes available and use pre-shared keys to do authentication for the vpn so no intervention is necessary.

VPN for ubuntu: https://wiki.ubuntu.com/VPN

OpenVPN howto page from arch linux: https://wiki.archlinux.org/index.php/OpenVPN

More VPN Resources

Los Frijoles

Posted 2013-07-24T21:39:30.687

Reputation: 328

thanks, but the 2 servers are both "in the cloud", so I'm not sure VPN is the best option. Also, having a permanent VPN connection between a private network and a publicly accessible would be ill advised imho. – Martin – 2013-07-24T22:42:46.587