[Dirvish] Dirvish and Windows alternatives

Darren Hook droolio at gmail.com
Mon Aug 6 20:38:41 UTC 2007


Forgive my rather late response on this (only just signed up to the
list, but have been watching in the background)...

Keith Lofstrom wrote:
> The problem is that rsync + ssh together on a windows machine locks
> up.  rsync+rsh does not, but that is insecure.  Setting up a Windows
> machine to do insecure rsync+rsh through an external machine requires
> that the Windows machine is never directly exposed to the internet.
> What to do?

I too encountered these problems but found a fairly good workaround
(think the concept was mentioned in this list a while ago). It's so
far proving to be very reliable...

Basically, have rsyncd *and* sshd (both cygwin) on the Windows client
machine (SBS 2003 in our case), tunnel the ssh connection with a
pre-server and connect in a loopback fashion:

<vault>/dirvish/default.conf
-->
client: Administrator at 127.0.0.1
tree: :backups/ /
xdev: 0
index: gzip
zxfer: 1
stats: 1
permissions: 0
speed-limit: 0.2
rsync-option:
        --port=30001
pre-server: ssh Administrator at 195.x.x.x -L 30001:localhost:873 -f sleep 7200
<--

/etc/rsyncd.conf (on client)
-->
use chroot = false
strict modes = false
hosts allow = *
read only = true
transfer logging = false
log file = /var/log/rsyncd.log

[backups]
path = /cygdrive
<--

Note the local custom port (e.g. 30001) declared in the two lines -
use a different port for each client connection.

Also note the -f sleep <n>. This keeps the ssh connection open long
enough for rsync to start its work. (To be honest, <10 seconds will
do, as the sleep will expire and the rsync will keep the ssh tunnel
open.)

I personally set n long enough to cover a typical night's backup, in
case rsync fails internally and has to retry but you should know that
the major disadvantage with this whole method is that if the ssh link
goes down once, rsync will fail its three retries in quick succession
and the whole job fails. However, I've been using this over ADSL (as
little as 288kbit upstream on the client) to snapshot ~30Gb vaults and
rarely lose connection.

Crucially, I've experienced *no* strange lockups.

FYI, my dirvish server is debian etch on a VMWare Server (Windows 2003
host!) as I just couldn't get dirvish cygwin<->cygwin working at the
time (not least because I hadn't discovered the rsyncd+sshd method
then).

But also, Cygwin doesn't support pathname lengths > ~250 chars and
while this limitation still applies on the client side, we've avoided
it so far. The problem is worse at the server end as these paths get
added to its own (e.g.)
/cygwin/d/backups/bank/vault/img/tree/e/+<client structure>. Hence,
for us, the VM - which is working well for us.

Anyway, hope this information is useful to some of you. I know it was
mentioned here before but I've tested it and does indeed work.

Some things I want to try in the future:

Encrypted partition *and* compressed (using compFUSEd?).

More resilient SSH connection? http://www.infrahip.net/resilient/

And I'll certainly be looking into the Shadow Copy trick as mentioned
recently on the list. Perhaps it might be possible to get a complete -
system files 'an all - backup, of a Windows server finally?

Regards,

 - Darren


More information about the Dirvish mailing list