Rsync: how to mount truecrypt on-the-fly on the receiving side


The short version: how can I keep an rsync backup on a truecrypt volume? The hard part is to mount/unmount this volume on the fly when it is needed for rsync.


This is my current backup configuration (which works fairly well for the most part):

  • backup source is on Win7 64 bit, destination is a remote Linux box (Debian)
  • actual data transfer is done by rsync via ssh (cwRsync with cygwin)
  • rsync daemon is started on demand via ssh

On the Linux box the backup is protected by file permissions only. I want to increase security here and put the backup into a truecrypt volume. I can fuse-mount that volume manually in the shell. The question now is: how can I make rsync not only open an ssh connection and start the rsync daemon, but also mount the truecrypt volume before (and unmount it after)?

My money is on option --rsync-path which can be used to pass a command line to ssh – provided that stdin and stdout still work the same. I guess that command would have to be a shell script. Is this possible, and what would the script look like?

For reference, here's a quote of that option:


Use this to specify what program is to be run on the remote machine to start-up rsync. Often used when rsync is not in the default remote-shell's path (e.g. --rsync-path=/usr/local/bin/rsync). Note that PROGRAM is run with the help of a shell, so it can be any program, script, or command sequence you'd care to run, so long as it does not corrupt the standard-in & standard-out that rsync is using to communicate.

One tricky example is to set a different default directory on the remote machine for use with the --relative option. For instance:

rsync -avR --rsync-path="cd /a/b && rsync" host:c/d /e/

This is the full rsync man page.

Best Answer

Meanwhile I have worked out any issues and have a solution which has been working for me for a few weeks. In case anybody is interested, I am posting the details here. This article by Troy Johnson has helped along the way.


  • Truecrypt installed on Linux and available on the path
  • a TC container prepared and available at /home/deepc/var/
  • cygwin and rsync installed on Windows and available on the path


I made two shell scripts to mount and unmount the Truecrypt container on the Linux box. Those scripts are being called remotely via ssh from the Windows machine:


# usage: <password>
echo "$1" | sudo truecrypt -t --slot=2 -k "" --volume-type=normal --protect-hidden=no /home/deepc/var/ /home/deepc/mnt


sudo truecrypt -d /home/deepc/var/



@echo off
set HOME=c:\home
set LC_ALL=de_DE.utf-8
set LC_CTYPE=de_DE.utf-8
set LANG=de_DE.utf-8

rem --iconv=utf-16,iso-88591
ssh -p THESSHPORT -i ../.ssh/id_dsa bin/ THEPASSWORD
rsync -rltvzPm --modify-window=1 --exclude-from=../etc/backup/excludes.txt --chmod=ugo=rwX --delete --delete-excluded --files-from=../etc/backup/files-from.txt -e "ssh -p THESSHPORT -i ../.ssh/id_dsa" --log-file=../tmp/remote-backup.log /cygdrive
ssh -p THESSHPORT -i ../.ssh/id_dsa bin/

Put this batch file into the task scheduler, e.g. with a daily schedule. Be sure to adjust username, remote host, ssh port, Truecrypt container password, and of course the backup paths. Sorry but I could not bring myself to clean this up more after having wasted too much time already...

With this script Rsync will read includes and excludes from two text files, e.g.:






This answers the original question. There is only one minor issue: special characters in filenames on Windows are mangled on Linux, with ext2 being used in the TC container on Linux. I tried all combinations for the --iconv parameter I could think of but to no avail. Seems I have to live with that - unless some brave soul has read until here, knows the answer, and enlightens me in a comment ;-) (NTFS in the container is not an option)
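The question's --rsync-path idea as a single remote wrapper, shown here as an added example that is not part of the original question or answer: it mounts the container, runs rsync with stdin and stdout untouched, and unmounts afterwards even when the transfer fails. Assumptions: the container path is a placeholder, the password reaches the remote environment as TC_PASSWORD (for instance through ssh SendEnv/AcceptEnv), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): remote wrapper for --rsync-path.
# Assumptions: VOLUME is a placeholder path; TC_PASSWORD arrives in the remote
# environment (e.g. via ssh SendEnv/AcceptEnv); function names are hypothetical.
VOLUME=${VOLUME:-/path/to/container}
MOUNTPOINT=${MOUNTPOINT:-/home/deepc/mnt}

# Same truecrypt invocations as the answer's two scripts; password on stdin.
mount_volume() {
    sudo truecrypt -t --slot=2 -k "" --volume-type=normal --protect-hidden=no \
        "$VOLUME" "$MOUNTPOINT"
}
unmount_volume() { sudo truecrypt -d "$VOLUME"; }

# Run "$@" with the volume mounted, then unmount and return its exit status.
with_volume() {
    [ -n "${TC_PASSWORD:-}" ] || { echo "TC_PASSWORD not set" >&2; return 1; }
    # The password comes from its own pipe, so the mount never reads rsync's
    # stdin; all mount output goes to stderr, keeping rsync's stdout clean.
    printf '%s\n' "$TC_PASSWORD" | mount_volume >&2 || return 1
    unset TC_PASSWORD                      # do not hand the secret to rsync
    trap 'unmount_volume </dev/null >&2; exit 1' HUP INT TERM
    rc=0
    "$@" || rc=$?
    trap - HUP INT TERM
    unmount_volume </dev/null >&2 || echo "unmount of $VOLUME failed" >&2
    return "$rc"
}

# rsync invokes the remote program as "<rsync-path> --server ..."; refuse
# anything else so the wrapper cannot be used to run arbitrary commands.
if [ "${1:-}" = "--server" ]; then
    with_volume rsync "$@"
    exit $?
fi
```

On the client the wrapper takes the place of the separate mount and unmount ssh calls: pass its remote path (a placeholder here) as --rsync-path=/path/to/wrapper.sh in the existing rsync command.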
