The goal is to have files from Windows backed up to the Linux server (a Synology NAS) in a secure way. In this example, I have used a Linux host as a backup server, and a Microsoft Windows 10 PC as a client.
In this example, I’ve used rsync over SSH with Windows 10.
I’ve added a layer of security by removing an attack vector. The Linux backup server cannot be accessed remotely via SSH.
The Windows 10 PC has no access to the backup server; it can’t access the SSH service on the backup server. In fact, it cannot access any TCP or UDP ports on the backup server, and it doesn’t need to.
- Windows 10 (running Microsoft OpenSSH) (https://github.com/PowerShell/Win32-OpenSSH)
- Linux or Synology NAS (running an SSH client, an rsync client, and crond, to make the backup script run at regular intervals)
- Cygwin (https://cygwin.com)
NOTE: I do not recommend using the ‘DeltaCopy’ product because it comes with an old, insecure version of rsync.
- Firewall rules on Windows 10 (configured to allow incoming connections on TCP port 22)
- (optional) A backup agent on Windows 10, to compress the files into a ZIP file
Here’s how it works:
1) The Windows PC will run Microsoft OpenSSH server (sometimes the thought of this makes me shudder, but it works).
2) The Windows PC runs the backup agent, which backs up the files, compresses them into .ZIP archives, and stores them on an attached USB drive.
3) The Linux backup server has an SSH client and rsync client and, at regular intervals, it will SSH in to the Windows 10 PC to download all of the backups, using rsync to determine which files it already has.
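
The pull model from step 3, sketched as an added example (not code from the original post): a job the Linux backup server runs from cron. The host name, account, paths and key file names are placeholders, and it assumes the server's public key is already authorised on the Windows PC and that Cygwin's rsync is reachable in the SSH session.

```shell
#!/bin/sh
# Added example: pull job for the Linux backup server, run from cron, e.g.
#   15 2 * * * /usr/local/bin/pull-backup.sh run      (path is hypothetical)
# Every value below is a placeholder/assumption, not taken from the page.
WIN_HOST="${WIN_HOST:-win10-pc.example}"       # hypothetical Windows 10 client
WIN_USER="${WIN_USER:-backup}"                 # hypothetical Windows account
SRC_DIR="${SRC_DIR:-/cygdrive/e/backups/}"     # hypothetical Cygwin path of the USB drive
DEST_DIR="${DEST_DIR:-/volume1/pc-backups/}"   # hypothetical folder on the NAS
KEY="${KEY:-$HOME/.ssh/id_ed25519_backup}"     # dedicated key used only for this job
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/known_hosts_backup}"
LOCK_DIR="${LOCK_DIR:-/tmp/pull-backup.lock}"

# ssh command handed to rsync: key-only, never prompts, and refuses to
# connect unless the PC's host key is already pinned in KNOWN_HOSTS.
ssh_transport() {
    printf 'ssh -p 22 -i %s -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s' \
        "$KEY" "$KNOWN_HOSTS"
}

# mkdir is atomic, so two overlapping cron runs cannot both hold the lock.
acquire_lock() { mkdir "$LOCK_DIR" 2>/dev/null; }
release_lock() { rmdir "$LOCK_DIR" 2>/dev/null; }

# Pull new archives. There is deliberately no --delete, and --ignore-existing
# skips files the server already has, so later changes on the PC can neither
# remove nor overwrite archives that were already pulled.
pull_backups() {
    mkdir -p "$DEST_DIR" || return 1
    "${RSYNC:-rsync}" -rt --ignore-existing --timeout=60 \
        -e "$(ssh_transport)" \
        "$WIN_USER@$WIN_HOST:$SRC_DIR" "$DEST_DIR"
}

# Only act when called as "pull-backup.sh run".
if [ "${1:-}" = "run" ]; then
    acquire_lock || { echo "previous pull still running" >&2; exit 1; }
    trap release_lock EXIT
    pull_backups
fi
```
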
Step 2) :