Here is how I set up the remote backup-destination server to trigger backups to start on my PC when the remote computer starts up.
I use SSH as the backup channel, so when the remote ‘backup destination’ machine boots up I have a Windows scheduled task which runs a script that opens an SSH tunnel to the ‘backup source’ machine, then executes a script on that machine to start the backup job. Example SSH from my script:
ssh firstname.lastname@example.org -t remote_command
First a little background:
I’ve chosen to exchange backup data using SSH tunnels, requiring an SSH server on the computer that will receive the backup data. My source data is on an Ubuntu computer that has an SSH server installed because I use it for remote access. I also need the destination computer, a Windows 10 PC 500 miles away, to run an SSH server so that I can back up to it by SSH. Ideally, I want to be able to log into either computer, from the other, using SSH key-based authentication so that user account passwords are not exchanged during login, nor get stored in the Duplicati configuration.
There are a few building blocks to this setup, so I’ll try and break them out for clarity.
- Setting up Windows Subsystem for Linux (WSL) on the Windows PC
- Setting up ssh-key based authentication
- Making WSL run the ssh service when the computer starts
- Setting up Duplicati
- Triggering backups to start when the destination is booted
And here is the detailed description:
- Setting up Windows Subsystem for Linux on the Windows PC
There’s probably an easier way to get an SSH server running on a Windows server (I’ve done it with Cygwin in the past), but now that x64 Windows 10 (build 1709 and later) offers WSL, we can run a native instance of Ubuntu inside Windows, and it’s vendor supported, so here goes:
In Control Panel, find “Turn Windows Features on or off”, enable the Windows feature “Windows Subsystem for Linux” and reboot.
Download and install a Linux image from the Microsoft Store – I chose Ubuntu because it’s what I’m comfortable with. Then reboot again.
Check that you can get a Linux session to run by clicking start and typing “bash” without the quotes and press enter. If all went well, you should get a command prompt in a black window which looks very similar to a windows command prompt, but with more colour.
If you have problems, you’ll have to resolve them before you move on. Most likely this will mean re-downloading the Linux image from Microsoft Store, and/or rebooting. If you get stuck, professor google can help.
Once you have a bash session running on the Windows computer, install the OpenSSH server in the Ubuntu instance. Typically for Ubuntu, the command is:
sudo apt install openssh-server
It should download, install and automatically start the SSH service, allowing you to log in to the Windows server using an SSH client on another computer.
I had to make some changes to the personal firewall (in this case Avast) and to the broadband router and set up dynamic DNS so I can consistently find each computer on the internet. These steps are fairly straightforward and if you need help there is ample documentation available on the internet, so I won’t cover that here.
- Setting up ssh-key based authentication
Now that I can log in using SSH from the source to the destination and the destination to the source, I configured both SSH servers to accept key-based authentication from each other so that a password is not required (see above reasoning).
This is pretty simple, just run the following commands on each computer, making the necessary username and computer address adjustments:
I accepted the defaults so that no passphrase is required to use the key:
this will require password authentication:
this time no password is required to connect to the other machine.:
I then edited the sshd.conf file to turn off PasswordAuthentication to prevent any connections not using a pre-shared key. I then restarted both SSH servers with the following command:
sudo service sshd restart
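The key setup steps above, followed by a check that password logins really are off, as an added example that is not part of the original post. The function names and the peer address are placeholders; /etc/ssh/sshd_config is the standard OpenSSH server config path on Ubuntu.

```shell
#!/bin/bash
# Added example, not the author's script. Names and addresses are placeholders.

# Run once on each machine, pointing at the other one.
setup_key_login() {
    peer="$1"                      # e.g. myname@backupdestination.net
    key="$HOME/.ssh/id_rsa"        # same key file the Duplicati URL refers to
    # Empty passphrase (-N ""), matching the defaults accepted in the post.
    [ -f "$key" ] || ssh-keygen -t rsa -b 4096 -f "$key" -N ""
    ssh-copy-id -i "$key.pub" "$peer"       # asks for the account password once
    # This login must now succeed with no prompt of any kind.
    ssh -i "$key" -o BatchMode=yes -o PasswordAuthentication=no "$peer" true
}

# password_auth_disabled <sshd_config>
# Returns 0 only if the file turns password logins off globally.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a missing directive means the default "yes".
password_auth_disabled() {
    awk '
        tolower($1) == "match" { exit }     # later lines are conditional only
        tolower($1) == "passwordauthentication" { v = tolower($2); exit }
        END { exit !(v == "no") }
    ' "$1"
}

# Usage on each machine after editing and restarting sshd:
#   setup_key_login myname@other.machine.example
#   password_auth_disabled /etc/ssh/sshd_config && echo "password logins off"
```

The file check does not follow Include directives, so confirm the effective setting with `sudo sshd -T | grep -i passwordauthentication`.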
- Making WSL run the SSH service when the computer starts
When the Windows computer boots up it does not automatically start the SSH server inside the Linux instance in WSL. It might be possible to do this in the future with cron or systemd or upstart, but right now I have taken advice from the internet and set up a Windows scheduled task which in turn runs a VBS script that starts the SSH server. I’ll put scripts at the end of this post because I later embellished this script to make it also start the backup job. Now we have fixed the problem where rebooting the Windows PC does not restart the SSH server.
- Setting up Duplicati
I set up the backup job on my Ubuntu Computer at home to back up my data to the Ubuntu instance on WSL on the remote computer. WSL gives access to the local drives so I created a folder to put my backup data in on the d: drive and configured Duplicati to authenticate using the SSH key file that we generated earlier. This also is documented elsewhere, so I won’t go into details here.
I did an initial backup and then a few incremental backups just for my own peace of mind that everything is working properly.
- Triggering backups to start when the destination is booted
SSH has a feature that allows you to log in to a remote computer and run a command on that computer. The SSH session will stay open while the command is running and close automatically when it completes. The command line option is -t as follows:
ssh firstname.lastname@example.org -t remote_command
The remote command can be anything that will run as the user we are logging in as, such as the Duplicati command line that can be ‘exported’ from the browser UI.
I added this to the .vbs script that triggers the SSH server to start at boot time in the WSL Ubuntu instance on the Windows 10 computer. I also added in a delay just to let things settle before starting the backup. The script is quoted below. In my case, I call a further script on the backup source PC instead of just executing the Duplicati command line, just so that I have more control over what happens, and so that the encryption password is not stored on the backup destination computer.
' Start the SSH server inside the WSL Ubuntu instance (0 = hidden window)
set ws=wscript.createobject("wscript.shell")
ws.run "C:\Windows\System32\bash.exe -c 'sudo /usr/sbin/sshd -D'",0
' Log in to the backup source and start the backup script there
ws.run "C:\Windows\System32\bash.exe -c 'ssh email@example.com -t /home/myname/DUPLICATI_go.sh'",0
The script that it calls on the backup source computer is as follows. This is basically the exported command from Duplicati, with the output redirected to a file on the source computer to act as a record of the transaction, and also to enable me to add in the capability in the future to only run the backup if 24 hours have passed since it last completed.
#!/bin/bash
sudo mono "/usr/lib/duplicati/Duplicati.CommandLine.exe" backup \
  "ssh://backupdestination.net//mnt/f/backups_from_other_people/backupsource/?auth-username=myname&auth-password=notmypassword&ssh-keyfile=%2Fhome%2Fmyname%2F.ssh%2Fid_rsa&ssh-fingerprint=ssh-rsa12345abcdef" \
  "/usr/local/bin/" "/usr/share/collectd/types.db" "/etc/" \
  --backup-name="source -> destination" \
  --dbpath="/root/.config/Duplicati/XXXXXXXXXX.sqlite" \
  --encryption-module="gpg" \
  --compression-module="zip" \
  --dblock-size="50mb" \
  --keep-time="3M" \
  --passphrase="**********" \
  --disable-module="console-password-input" > DUPLICATI.lastlog
To make this work, I had to add /usr/bin/mono to sudoers for the appropriate user.
With all that done, the backup now triggers every time the remote backup destination boots up, so long as the internet is still working.
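Because the trigger key has no passphrase, it is worth limiting what it can do on the backup source. The following added example (not part of the original post) rewrites an authorized_keys file so that one key can only run the backup script; `lock_key` is a hypothetical helper name and the sample paths are assumptions.

```shell
#!/bin/bash
# Added example, not the author's script.
# lock_key <authorized_keys> <pubkey_file> <command>
# Prints the authorized_keys content with the entry for <pubkey_file>
# rewritten to:  restrict,command="<command>" <type> <key> <comment>
# "restrict" turns off forwarding, PTY allocation and ~/.ssh/rc for that key;
# command="..." makes sshd run only that program whatever the client asks for.
# Any options already on that key are replaced. <command> must not contain
# double quotes. Other lines are passed through unchanged.
lock_key() {
    blob=$(awk '{ print $2; exit }' "$2")    # base64 body of the public key
    awk -v blob="$blob" -v cmd="$3" '
        { hit = 0
          for (i = 2; i <= NF; i++) if ($i == blob) hit = i }
        hit { out = "restrict,command=\"" cmd "\" " $(hit - 1) " " $hit
              for (i = hit + 1; i <= NF; i++) out = out " " $i
              print out; next }
        { print }
    ' "$1"
}

# Usage on the backup source, with the WSL machine's public key copied over:
#   lock_key ~/.ssh/authorized_keys wsl_id_rsa.pub /home/myname/DUPLICATI_go.sh \
#       > ~/.ssh/authorized_keys.new
#   review the result, then: mv ~/.ssh/authorized_keys.new ~/.ssh/authorized_keys
# With "restrict" the server refuses the terminal that -t requests; the script
# still runs. Use restrict,pty,command="..." if the script needs a terminal.
```

The command the client actually sent is still visible to the script in the SSH_ORIGINAL_COMMAND environment variable, which is useful for logging.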
Things to do (help/suggestions welcomed):
• Get the script on the source computer to check whether or not 24 hours have passed since the last backup job completed.
• Change the backup job command so that the webGUI is updated with the status and/or count of the incremental backups.
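One way to do the first to-do item, as an added example that is not part of the original post: a wrapper for DUPLICATI_go.sh that records the time of the last successful run and skips the backup if fewer than 24 hours have passed. The stamp file path, the function names and the exit code 75 for "skipped" are assumptions.

```shell
#!/bin/bash
# Added example, not the author's script.
STAMP="${STAMP:-$HOME/.duplicati_last_ok}"   # holds epoch seconds of last success
MIN_AGE=$((24 * 60 * 60))

# backup_due [now_epoch]
# Returns 0 (run the backup) if there is no usable stamp, if the stamp lies
# in the future (clock was changed), or if at least 24 hours have passed.
backup_due() {
    now="${1:-$(date +%s)}"
    [ -f "$STAMP" ] || return 0
    last=$(cat "$STAMP")
    case "$last" in
        '' | *[!0-9]*) return 0 ;;           # corrupt stamp: better to run
    esac
    [ "$last" -gt "$now" ] && return 0
    [ $((now - last)) -ge "$MIN_AGE" ]
}

# run_if_due <command...>
# Returns 0 if the command ran and succeeded, 75 if it was skipped,
# otherwise the exit code of the command.
run_if_due() {
    if ! backup_due; then
        echo "$(date): skipped, last good backup under 24h ago" >&2
        return 75
    fi
    rc=0
    "$@" || rc=$?
    # Only a successful run moves the stamp, so a failed backup is
    # retried the next time the destination boots.
    [ "$rc" -eq 0 ] && date +%s > "$STAMP"
    return "$rc"
}

# Usage inside DUPLICATI_go.sh (arguments as exported from Duplicati):
#   run_if_due sudo mono /usr/lib/duplicati/Duplicati.CommandLine.exe backup ... \
#       > DUPLICATI.lastlog
```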