In this section I will describe how to set up a scheduled daily backup of the EdgeRouter configuration via SFTP to another Linux box.
On the Edgerouter
First we need to generate an SSH key pair on our Edgerouter. This is our ticket to the backup server. This is way more secure than using a password for authentication.
sudo bash
mkdir /config/ssh-keys
cd /config/ssh-keys
ssh-keygen -f backup -C "SSH key for backup" -N ""
cat backup.pub
The last line prints our public key. This key is needed on our backup server. A key could look like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjsIf2CJz7cM5axHuNmh1oKPSuNZWrTpzLOe2PQoVCU/YL4nSsm+Zj1HvfAdbgVFvoWcGEw4rfKo+sRY/QQjNZfFCQyBRLzY5MBBnPrk1y75iILddaLVQvSm/3gSj6ZrEGH1ZS5mxznnwIovrROZ9tJeCPiS/1QDMMZDbTRR+Ez+eQVnaWdIhLGBhBEjj13VFAyV33QVzaaBc0SbtpzfbmUAVFHIjBXuUHoRTw0uZlvEg1GD68Mp7GhC6f1YeNU+zt2pA+6KRP9rZvshLfvAH9IP6uzgu17o2cDowF3tZmlhCFnr062ptbfDSnTO6ywEyzCIue85H6hEItmC3VBdnx SSH key for backup
On the backup server
Now we go to our server that will receive the backups and create a user for this purpose:
adduser backupuser
su backupuser
mkdir /home/backupuser/.ssh
mkdir /home/backupuser/edge-backups
vi /home/backupuser/.ssh/authorized_keys
The last line edits the “authorized_keys” file, where you have to paste the public key generated on the Edgerouter.
Back on the edgerouter
Now you create this script “/config/scripts/backup-remote.sh” and chmod it 755:
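#!/bin/bash
# Upload a gzipped tar of /config to the backup server over SFTP.
sftp_host=192.168.X.X
sftp_user=backupuser
sftp_folder=/home/backupuser/edge-backups
sftp_key=/config/ssh-keys/backup
# Timestamp used in the file name (day, month, year, hour, minute)
now=$(date +%d%m%y-%H%M)
# Note: -k makes curl skip the known_hosts check of the server's host key
tar -cf - /config | gzip | \
  curl -k --key "$sftp_key" --pubkey "$sftp_key.pub" \
    -u "$sftp_user:" -T - "sftp://$sftp_host$sftp_folder/backup-$now.tar.gz"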
You should now test whether the script works by running it. If it does, add the following lines to your Edgerouter configuration to make the script run daily:
set system task-scheduler task backup-conf executable path /config/scripts/backup-remote.sh
set system task-scheduler task backup-conf interval 1d
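The script above archives all of /config, which includes /config/ssh-keys, so every upload carries the private key along with the configuration. The following is an added example, not part of the original post: a check to run on the backup server over the uploaded archives. The function names audit_backup and audit_all are hypothetical, and GNU tar and stat are assumed on the server.

```shell
#!/bin/sh
# Added example (not from the original post): audit uploaded archives.
# Prints one finding per line; returns 1 if an archive is corrupt or incomplete.

audit_backup() {
    archive=$1
    result=0

    # gzip -t reads the whole compressed stream, so a truncated upload fails here.
    if ! gzip -t "$archive" 2>/dev/null; then
        echo "CORRUPT $archive: gzip integrity check failed"
        return 1
    fi
    if ! members=$(tar -tzf "$archive" 2>/dev/null); then
        echo "CORRUPT $archive: not a readable tar stream"
        return 1
    fi

    # GNU tar strips the leading "/" from /config, so members start with "config/".
    if ! printf '%s\n' "$members" | grep -qxF 'config/config.boot'; then
        echo "INCOMPLETE $archive: config/config.boot missing"
        result=1
    fi

    # The router script archives all of /config, which includes /config/ssh-keys.
    if printf '%s\n' "$members" | grep -qxF 'config/ssh-keys/backup'; then
        echo "SENSITIVE $archive: contains private key config/ssh-keys/backup"
    fi

    # GNU stat assumed (Linux backup server). Owner-only modes end in "00".
    mode=$(stat -c '%a' "$archive")
    case $mode in
        *00|0) ;;
        *) echo "PERMS $archive: mode $mode, expected 600" ;;
    esac
    return "$result"
}

# Audit every archive in the upload folder (default path taken from the post).
audit_all() {
    dir=${1:-/home/backupuser/edge-backups}
    rc=0
    for f in "$dir"/backup-*.tar.gz; do
        [ -e "$f" ] || continue
        audit_backup "$f" || rc=1
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_all "$1"; fi
```

Run it with the backup folder as its only argument, for example from a daily cron job on the backup server; a non-zero exit status means at least one archive is unusable.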
You can also configure the edgerouter to upload a backup when a config is committed:
https://help.ubnt.com/hc/en-us/articles/204960084-EdgeRouter-Manage-the-configuration-file
ubnt@RTR# set system config-management commit-archive location
Possible completions:
Uniform Resource Identifier
Detailed information:
“scp://:@/”
“ftp://:@/”
“tftp:///”
ubnt@RTR# set system config-management commit-archive location tftp://10.1.0.15/RTR
[edit]
ubnt@RTR# commit
Archiving config…
tftp://10.1.0.15/RTR OK
[edit]
Hi Trond,
Did you ever make that work with ssh-keys?
I couldn’t.. that’s why I made these scripts 🙂
Best regards,
Alex
This was useful for me.
I have more to backup than just the config.boot file. I want to save my .bashrc, the backup script itself, and /etc/hosts which I set up for dnsmasq.