I wrote a simple process/script for backing up to a remote system using SSH.
This does not write a local backup file but sends it without writing to the storage.
This is great for limited storage systems or when you want to limit writes to an SD card. You will need a remote system with SSH and a user identity on that system.
First, create a directory called "bkupscript" in your /root/ directory:
Next, generate a dropbear SSH key on the openwrt system, and then display the public key:
dropbearkey -t rsa -f /root/bkupscript/id_rsa -s 4096
dropbearkey -f /root/bkupscript/id_rsa -y
The public key displayed will need to be placed on the remote system. This will go in the user's authorized_keys file. Test SSH to the remote system and make sure it is working with no key warnings and does not require a password.
Now create a script file in your backup script directory that will be executed on the openwrt system.
touch backup_script.sh && chmod +x backup_script.sh
Edit the file and insert and edit the following lines. If you are into short instead of descriptive you can simplify and skip the variables, but the method of using variables makes it easier to modify in the future, IMO.
#!/bin/sh SSHKEY="/root/bkupscript/id_rsa" DESTUSER="openwrtbak" DESTSVR="10.10.10.10" DESTFILEPREFIX="/home/openwrtbak/backups/openwrt_backup_" #### date=$(TZ=America/Denver date +%Y%m%d-%H%M) ### # Backup command tar cfvz - $(sysupgrade -l) $SSHKEY $0 | ssh -i $SSHKEY $DESTUSER@$DESTSVR "cat > $DESTFILEPREFIX$date.tar.gz"
Now schedule this in cron to a frequency of your liking:
0 21 * * 1,3,5 /root/bkupscript/backup_script.sh
The script uses the command "sysupgrade -l" that would provide the list of files that would be backed up and appends the SSH key file and the backup script itself. This is provided to the tar create/compress command, piped through SSH and stored on the remote system, never written to the storage on the openwrt system. It's simple! I tried doing it all with the "sysupgrade -b" command but there is no quiet mode that would allow for a STDOUT/STDIN method to transfer it.