First of all, the correct command is:
ssh user@my.external.ip.address
And the router should be configured to forward the SSH port 22 to your server's local IP address.
For further debugging:
1) Check that port 22 (SSH) is open on your server and on the router (port forwarding).
2) Check that the SSH server is running on your server
3) Use ping, ssh -v while connecting and look at /var/log/auth.log to debug any further connection problems.
1) On your router: follow router specific instructions
On your server: sudo ufw status (unless you use another firewall configuration utility) or sudo iptables -L (general method, but complex output)
To open port 22: sudo ufw allow 22
cf https://help.ubuntu.com/12.04/serverguide/firewall.html
2) Check it is installed: dpkg -l openssh-server
Check it is running: service ssh status or ps aux | grep sshd
3) On the connecting client:
ping my.external.ip.address
ssh -v user@my.external.ip.address
On the server:
sudo less /var/log/auth.log
You can check the router logs as well if necessary.
Here's an online port scanner: https://www.grc.com/x/ne.dll?bh0bkyd2
I think you can use tools like nmap or other as well, but I'm not that familiar with them yet.
Dealing with a changing external IP address:
1) Get a dynDNS or similar account: http://dyn.com/dns/
Lists of dynamic DNS providers:
2) Another solution is to set up a crontab job which regularly mails you your external IP address or puts it into an online storage service like Dropbox.
Here's a script a friend of mine uses:
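#!/bin/bash
# Bash script to get the external IP address and record it when it changes
IPFILE=/home/USER/Dropbox/test.txt
# -s silences curl's progress meter; sed pulls the address out of the page's <span class="ip"> element
MYWANIP=$(curl -s http://mire.ipadsl.net | sed -nr -e 's|^.*<span class="ip">([0-9.]+)</span>.*$|\1| p')
# Stop if the lookup failed, so an empty value never replaces the stored address
if [[ -z "$MYWANIP" ]]; then
    echo "Could not determine the external IP address" >&2
    exit 1
fi
echo "My IP address is: $MYWANIP"
# The file does not exist on the first run; treat that as "no previous address"
IPold=$(cat "$IPFILE" 2>/dev/null)
echo "Previous IP Address: $IPold"
if [[ "$IPold" != "$MYWANIP" ]]; then
    echo "New IP"
    # Overwrite the stored address with the new one
    echo "$MYWANIP" > "$IPFILE"
    echo "$MYWANIP"
else
    echo "Same IP"
fi
# example crontab entry:
## m h dom mon dow command
## */10 * * * * /home/USER/Dropbox/test_ip.sh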
Router port forwarding:
1) First, figure out your router's local IP address by running:
ip route | grep default
It is usually something like 192.168.x.x.
Alternative ways and other OS solutions:
2) Using any computer connected locally to the router, access the IP found previously, i.e. via http://192.168.1.1 for example. This should bring up the router configuration interface.
3) The next steps vary depending on your router. Here is how it is done on a router with OpenWRT for example:
https://newspaint.wordpress.com/2012/08/26/how-to-add-a-port-forward-using-the-web-interface-on-openwrt-10-03-1/
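For the auth.log step in the debugging list above, here is an added example (not part of the original answer) that counts what sshd logged for one client address and turns the counts into the next thing to check. The function names and the sample log lines are constructed for illustration; the addresses are documentation-range placeholders.

```bash
#!/bin/bash
# Added example, not part of the original answer.
# Summarise what sshd logged for one client address (step 3 of the debugging list).

# Constructed sample lines in the usual auth.log layout (documentation-range addresses).
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 server sshd[1201]: Failed password for user from 203.0.113.5 port 50112 ssh2
Jan 10 12:00:09 server sshd[1201]: Accepted password for user from 203.0.113.5 port 50112 ssh2
Jan 10 12:03:40 server sshd[1230]: Invalid user admin from 198.51.100.7
Jan 10 12:03:42 server sshd[1230]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jan 10 12:05:00 server CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# ssh_log_summary CLIENT_IP [LOGFILE]   ("-" reads the log from standard input)
ssh_log_summary() {
    awk -v ip="$1" '
        /sshd\[[0-9]+\]:/ {
            hit = 0
            for (i = 1; i <= NF; i++) if ($i == ip) hit = 1   # exact field match, not substring
            if (!hit) next
            if      ($0 ~ /: Accepted /)     accepted++
            else if ($0 ~ /: Failed /)       failed++
            else if ($0 ~ /: Invalid user /) invalid++
            else                             other++
        }
        END { printf "accepted=%d failed=%d invalid_user=%d other=%d\n", accepted, failed, invalid, other }
    ' "${2:-/var/log/auth.log}"
}

# Turn the counts into the next debugging step.
ssh_log_verdict() {
    case "$(ssh_log_summary "$@")" in
        "accepted=0 failed=0 invalid_user=0 other=0")
            echo "no sshd entries: the connection never reached sshd; check port forwarding and the firewall" ;;
        accepted=0*)
            echo "sshd was reached but no login succeeded; check the user name, password or key" ;;
        *)
            echo "sshd accepted a login from this address" ;;
    esac
}

sample_log | ssh_log_verdict 203.0.113.5 -
```

On a real server, run it as `sudo bash -c '. ./script.sh; ssh_log_verdict CLIENT_IP'` or pipe the log in, since /var/log/auth.log is normally readable only by root and the adm group.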
Best Answer
SSH Public Key Authentication
The first thing you want to do is start with ssh public key authentication. This will let your script use SSH without a password.
All that the server needs is SSH installed, and public key authentication set up for the user that will be running the backup script from the RasPi.
Here's a good tutorial for public key authentication: https://hkn.eecs.berkeley.edu/~dhsu/ssh_public_key_howto.html
Option 1: SSH and Tar
You can compress the tar.gz from the server and transmit it directly over ssh with something like this:
This will make the VPS tar and gzip all files on / and transmit it over SSH to store in vpsbackup.tar.gz on the RasPi. A log of the most recent backup will be kept on /var/log/sshbackup on the VPS.
Option 2: Rsync
Sending an entire .tar.gz over SSH is inefficient... Files that don't change will still be transmitted. A better solution is to use rsync, but this makes it difficult to make a .tar.gz that preserves permissions. If you have enough storage space on the RasPi, you can just store the backup files as plain ol' files. Then you can have a script tar.gz them if you want to keep multiple past backups.
The server needs rsync installed. This will run over SSH, so you still use the public key authentication, and keep the encryption. You will need to run this command as root and have public key authentication and SSH logins for root enabled to preserve permissions. Your destination (or at least a temporary destination) should be a Linux filesystem. If you're storing these backups on a FAT or NTFS partition (e.g. on most external hard drives), you can make a loopback filesystem (see http://www.walkernews.net/2007/07/01/create-linux-loopback-file-system-on-disk-file/) for temporary storage. The tar.gz file can be stored on any partition, because it preserves permissions on its own.
An example rsync command:
Be careful when using --delete, especially as root! It will delete any files in the destination directory that do not exist on the backup source. You should only use --delete when syncing to a dedicated backup directory being used only for that VPS. You should also make sure there is no possibility of your script syncing to the wrong destination (e.g. if /path/to/backup/destination is determined by a shell variable).
rsync will only transfer files that are different between the source and destination. If you have large files, it will also only transfer parts of the file that have changed (for this to work, you must add the -c flag). This means you are using minimal bandwidth, but it'll use more CPU and slow down re-sync preparation times as both sides need to first checksum files to determine which blocks to transfer. If you do use the -c flag and you have large files (such as database files) and/or a flaky connection, consider adding --partial --append, which enables you to resume transfers after a connection is interrupted.
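One way to enforce the --delete caution above when the destination comes from a shell variable, as an added example that is not part of the original answer: the script refuses to run rsync unless the destination is an absolute, existing directory other than / that contains a marker file. The marker name `.vps-backup-target`, the host `vps.example.com` and the paths are assumptions for illustration.

```bash
#!/bin/bash
# Added example, not part of the original answer. Host, paths and marker name are assumptions.
MARKER=".vps-backup-target"   # hypothetical marker; create it once by hand in the dedicated directory

# Return 0 only when DEST is safe to use as an rsync --delete destination.
check_backup_dest() {
    local dest="$1" real
    [ -n "$dest" ] || { echo "destination is empty" >&2; return 1; }
    case "$dest" in
        /*) ;;
        *) echo "destination must be an absolute path: $dest" >&2; return 1 ;;
    esac
    [ -d "$dest" ] || { echo "not a directory: $dest" >&2; return 1; }
    # Resolve symlinks and ".." so a path such as /mnt/backup/../.. cannot pass as something other than /
    real=$(cd "$dest" && pwd -P) || return 1
    [ "$real" != "/" ] || { echo "refusing to sync into /" >&2; return 1; }
    [ -f "$real/$MARKER" ] || { echo "marker $MARKER missing in $real" >&2; return 1; }
    return 0
}

# Pull SRC (user@host:/path/) into DEST; stale files are deleted only after the guard passes.
backup_vps() {
    local src="$1" dest="$2"
    check_backup_dest "$dest" || return 1
    # Setting RSYNC=echo prints the command instead of running it (dry check of the arguments)
    "${RSYNC:-rsync}" -az --delete -e ssh \
        --exclude=/proc --exclude=/sys --exclude=/dev \
        "$src" "$dest/"
}

# Runs only when called with two arguments, e.g.:
#   ./vps_backup.sh root@vps.example.com:/ /mnt/backup/vps
if [ "$#" -eq 2 ]; then
    backup_vps "$1" "$2"
fi
```

An unset or mistyped destination variable now stops the script with an error instead of letting --delete run against an unintended directory.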