SSH/SFTP Rsync backups done with chroot

Rsync

Rsync, for those who aren’t familiar, is a file copy tool, which, after the first copy, will only send changes during subsequent updates. This makes it a very efficient tool, especially when used over an internet connection.

Anyway, to enable rsync from server A to server B, it is common to perform the login via key. This means that on Server A you'd generate an SSH keypair for your backup user, then copy the generated public key into the ~/.ssh/authorized_keys file for your backup user on Server B.

Because rsync is going to be executed automatically via cron script, it is necessary to create the key file without a password.

Jail

  • Configure your SSH server
    • Open up /etc/ssh/sshd_config
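    • At the end of the file, tell SSH to create a chroot jail for your backup user (the Match block limits these settings to that account; without it they apply to every login):
      Match User backup-user
          ChrootDirectory %h
          AllowTcpForwarding no
          PermitTunnel no
          X11Forwarding no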

      Note: because of the way chroot works, the chroot directory must be owned by root, even if it's actually the home directory of your backup user.

  • Save, and restart your SSH server.

This gets you part of the way: you should now be able to SSH/SFTP into Server B using your backup user and, once connected, you will be restricted to the location set in ChrootDirectory.

Unfortunately, rsync needs more than this, and in order to copy files it’ll need access to the shell (I’m assuming bash), as well as the rsync application itself, together with whatever libraries are required.

Therefore, it becomes necessary to create a partial chroot image in the backup user’s chroot directory. You could do this the traditional way (e.g. by using something like debootstrap), which will create a mirror of your base operating system files in the chroot jail. However, this generally takes a few hundred megabytes at least, and if all you want is to copy some files, you don’t want to give access to more than you need.

Instead, I opt to create a skeleton chroot jail by hand.

The goal here is to mirror the filesystem of your server inside the chroot jail, so that if a file exists in /foo/bar, then you need to copy it to /home/backup-user/foo/bar, and make sure it’s owned by root.

  • Copy bash from /bin/bash to the directory /home/backup-user/bin/
  • Copy rsync (on my system this was in /usr/bin)
  • Next, you need to copy the shared libraries that these binaries are linked against. You can use the tool ldd to interrogate the executable and get a list of files to copy, e.g.:
    root@server-b:/home/backup-user# ldd /bin/bash
        linux-vdso.so.1 =>  (0x00007fff52bff000)
        libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f412810a000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f4127f06000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f4127b79000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f4128340000)

    Copy the entries that show a full path into the matching locations inside the jail, e.g. /lib/x86_64-linux-gnu/libtinfo.so.5 should go into /home/backup-user/lib/x86_64-linux-gnu/

  • Do the same for /usr/bin/rsync
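
The copy steps above, collected into one script. This is an added example, not part of the original post; the function names and command-line usage are assumptions. It goes slightly beyond the text by following symlinks when copying and by setting ownership and mode on the jail.

```shell
#!/bin/sh
# Added example: build a minimal chroot skeleton for the backup user.
# Function names and the argument order are illustrative assumptions.

# Read ldd output on stdin and print the absolute path of each library.
# Entries without a path (such as linux-vdso) are skipped.
parse_ldd() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3 }
         $1 ~ /^\//               { print $1 }'
}

# Copy FILE to the same path under JAIL, following symlinks so the jail
# holds a real file under the name the dynamic loader looks up.
copy_into_jail() {
    jail=$1 file=$2
    mkdir -p "$jail$(dirname "$file")"
    cp -L "$file" "$jail$file"
}

# Copy each binary plus its libraries, then hand the tree to root.
build_jail() {
    jail=$1; shift
    for bin in "$@"; do
        copy_into_jail "$jail" "$bin"
        ldd "$bin" | parse_ldd | while read -r lib; do
            copy_into_jail "$jail" "$lib"
        done
    done
    # sshd refuses a ChrootDirectory that is not root-owned or that is
    # writable by group or others.
    chown root:root "$jail"
    chmod 755 "$jail"
    for d in bin lib lib64 usr; do
        if [ -d "$jail/$d" ]; then chown -R root:root "$jail/$d"; fi
    done
}

# Usage (as root): sh build-jail.sh /home/backup-user /bin/bash /usr/bin/rsync
if [ "$#" -ge 2 ]; then
    build_jail "$@"
fi
```
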

xrdp (Remote Desktop) on Lubuntu 14.04

Updated February 6, 2016!

To use Microsoft’s Remote Desktop to connect to a Lubuntu 14.04 machine, use xrdp. xrdp uses vnc4server to spin up LXDE sessions on your Lubuntu machine.

To begin, install xrdp:

sudo apt-get install xrdp

If you try connecting to your machine, you’re going to get a grey desktop. xrdp is trying to use the command “startx” to start a window manager. On Lubuntu, this will not work. You need xrdp to use the command “lxsession”.

To make this change, you need to edit /home/[your_username]/.xsession:

nano /home/[your_username]/.xsession

…and make it look like this:

#!/bin/sh

/usr/bin/lxsession -s Lubuntu -e LXDE

Save .xsession, reboot your computer, and try connecting from your Remote Desktop client. Voilà!

Unencrypted QAM channels in Petersburg

Unencrypted QAM channels in Petersburg, Virginia 23805 (Comcast – Digital).

Updated 11/28/2012

You’re welcome.

Tune    Guide Number    Guide Name
16.23 1530 ABCF HD
17.7 1205 USA HD
17.8 1261 NATGEO HD
17.9 1250 Dscvry HD
18.15 1350 TLC HD
46.42 1311 QVC HD
59.1341 1730 BTN HD
66.2 1330 A&E HD
66.3 1290 HGTV HD
67.4 1240 UHD
67.5 1280 FOOD HD
68.19 1611 GOLF HD
68.2 1806 AMC HD
68.21 1106 CNN HD
69.1
69.4
71.1101 1220 TBS HD
72.1001 1206 TNT HD
72.1002 25 CSN HD
77.1426
90.141 23.1 WCVEDT
90.142 23.2 WCVEDT2
90.143 23.3 WCVEDT3
90.145 57.1 WCVWDT
91.341 35.1 WRLHDT
91.342 35.2 WRLHDT2
91.344 6.1 WTVRDT
91.345 6.2 WTVRDT2
91.346 6.3 WTVRDT3
92.626 721 CBS SPORTS
93.1001 225 BBC AMERICA
93.1002 127 C-SPAN 3
93.1006 321 BIO
93.101
94.4011 12 WWBT
94.4012 5 FOX
94.4014 2 WCVE HD
94.4016 11 CW
94.4018 10 WCVW
94.4022
100.102 35 CARTOON
100.108 29 AMC
101.401 552 INSP
101.402
101.403 407 CMT
101.404 55 OXYGEN
101.406 820 LMN
101.411 50 HISTORY
103.503 325 GSN
103.507 341 STYLE
103.509 222 G4
103.511 56 HALLMARK
103.513 291 DIY
104.4031 8 ABC
104.4032 6 CBS
104.4035 20 TCNMA
104.4042
105.201 13 C-SPAN
105.202 126 C-SPAN 2
105.21 9 QVC
106.604
106.607 7 WGN
106.608 63 JTV
106.61
106.611 217 ION
106.612 508 WPXVDT2
106.911
107.241 12.1 WWBTDT
107.242 12.2 WWBTDT2
107.244 8.1 WRICDT
107.245 8.2 WRICDT2
108.441 65.1 WUPVDT
108.442 65.2 WUPVDT2
109.1214 116 Bloomberg
110.712 612 TENNIS
110.714
113.1 1242 VEL
113.11 1260 ANIMAL HD
113.12 1270 HISTORY HD
117.1 1 XFINITY
117.2 202 TV GUIDE