Meanwhile I have worked out any issues and have had a solution which has been working for me for a few weeks. In case anybody is interested, I am posting the details here. This article by Troy Johnson has helped along the way.
Prerequisites
- Truecrypt installed on Linux and available on the path
- a TC container prepared and available at /home/deepc/var/backup.tc
- cygwin and rsync installed on Windows and available on the path
Linux
I made two shell scripts to mount and unmount the Truecrypt container on the Linux box. Those scripts are being called remotely via ssh from the Windows machine:
~/bin/backup-mount.sh:
#!/bin/bash
# usage: backup-mount.sh <password>
~deepc/bin/backup-umount.sh
echo "$1" | sudo truecrypt -t --slot=2 -k "" --volume-type=normal --protect-hidden=no /home/deepc/var/backup.tc /home/deepc/mnt
~/bin/backup-umount.sh:
#!/bin/sh
sudo truecrypt -d /home/deepc/var/backup.tc
Windows
remote-backup.cmd:
@echo off
setlocal
set HOME=c:\home
set LC_ALL=de_DE.utf-8
set LC_CTYPE=de_DE.utf-8
set LANG=de_DE.utf-8
rem --iconv=utf-16,iso-88591
ssh -p THESSHPORT -i ../.ssh/id_dsa deepc@theremotehost.com bin/backup-mount.sh THEPASSWORD
rsync -rltvzPm --modify-window=1 --exclude-from=../etc/backup/excludes.txt --chmod=ugo=rwX --delete --delete-excluded --files-from=../etc/backup/files-from.txt -e "ssh -p THESSHPORT -i ../.ssh/id_dsa" --log-file=../tmp/remote-backup.log /cygdrive deepc@theremotehost.com:/home/deepc/mnt
ssh -p THESSHPORT -i ../.ssh/id_dsa deepc@theremotehost.com bin/backup-umount.sh
Put this batch file into the task scheduler, e.g. with a daily schedule. Be sure to adjust username, remote host, ssh port, Truecrypt container password, and of course the backup paths. Sorry but I could not bring myself to clean this up more after having wasted too much time already...
With this script Rsync will read includes and excludes from two text files, e.g.:
files-from.txt:
/c/Home/
/c/Users/deepc
...
excludes.txt:
Firefox/Cache
Firefox/*.lock
Thunderbird/*.lock
Thunderbird/**/*Junk*
Thunderbird/**/filterlog.html
Thunderbird/**/*.msf
Home/tmp
...
Done?
This answers the original question. There is only one minor issue: special characters in filenames on Windows are mangled on Linux, with ext2 being used in the TC container on Linux. I tried all combinations for the --iconv parameter I could think of but to no avail. Seems I have to live with that - unless some brave soul has read until here, knows the answer, and enlightens me in a comment ;-) (NTFS in the container is not an option)
Best Answer
--password-file only sets a password if you're using the rsync daemon. It has no effect when using rsync over rsh or ssh.
The recommended authentication method over ssh is to use public keys. It's both the secure method and the simple method. Generate a private key on the client side (ssh-keygen) and run ssh-copy-id to copy it to the server.
If there's an extremely good reason why you're not using ssh keys (hint: there probably isn't), you can use expect to insert the SSH password into the stream. It's not supposed to be easy to do, in fact SSH is designed to make this difficult, for good reason (passwords are bad for security, and the way you're using that password makes it particularly exposed).
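Added example, not part of either post above: a key that a scheduled task uses unattended can be limited on the Linux box to the three requests remote-backup.cmd makes, using an OpenSSH forced command. The script name backup-gate.sh, its install path, and the assumption that rsync's server-side command line ends in ". /home/deepc/mnt" are illustrative and should be checked against your own setup.

```shell
#!/bin/sh
# Added example (hypothetical file: /home/deepc/bin/backup-gate.sh).
# Install as a forced command for the backup key in ~deepc/.ssh/authorized_keys:
#   command="/home/deepc/bin/backup-gate.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <public key>
# sshd then runs this script for every login with that key and puts the
# command the client asked for in SSH_ORIGINAL_COMMAND.

DEST=/home/deepc/mnt    # rsync destination used in remote-backup.cmd

# classify CMD -> prints mount | umount | rsync | deny
classify() {
    case $1 in
        "bin/backup-umount.sh")        echo umount ;;
        "bin/backup-mount.sh "?*)      echo mount ;;   # rest of line = password
        # Anything else containing shell metacharacters is refused.
        *\;*|*\&*|*\|*|*\<*|*\>*|*\$*|*\`*|*\(*|*\)*) echo deny ;;
        *" --sender"*)                 echo deny ;;    # push-only: never serve reads
        # Assumption: the server-side command rsync sends ends in ". <dest>".
        "rsync --server "*" . $DEST")  echo rsync ;;
        *)                             echo deny ;;
    esac
}

# With no requested command (an interactive login attempt) nothing runs and
# the session ends without a shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    case $(classify "$SSH_ORIGINAL_COMMAND") in
        mount)
            # Pass the password as one quoted argument; it is never re-parsed.
            exec "$HOME/bin/backup-mount.sh" "${SSH_ORIGINAL_COMMAND#bin/backup-mount.sh }" ;;
        umount)
            exec "$HOME/bin/backup-umount.sh" ;;
        rsync)
            set -f                      # split into words, but no globbing, no eval
            exec $SSH_ORIGINAL_COMMAND ;;
        *)
            # Log only the first word so a mistyped mount line cannot leak the password.
            logger -t backup-gate "denied: ${SSH_ORIGINAL_COMMAND%% *}"
            exit 1 ;;
    esac
fi
```

The rrsync script that ships with rsync performs stricter checking of the rsync server options than the pattern match used here.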