Remote Backup Addon for Home Assistant – 3-2-1 Backup Strategy

PROCESS SUMMARY:

1: Load the Repository 2: Load the addon and set-up the config file 3: Generate the key file pair (ssh-keygen) 4: Load public file into the target fileserver machine (ssh-copy-id) 5: Test login from the machine you generated the file into the target machine 6: Edit the config file (if needed) 7: Start the addon 8: Watch the log for problems 9: When run is complete, check that the zipped tar backup file is available on the file server and check that the password works. 10: When it all checks out, set-up an automation to run the backup on a scheduled time and date of your choosing. Sample automation attached.

SAMPLE CONFIG FILE: (1-2,6)

ssh_enabled: true ssh_host: 192.168.60.74 ssh_port: 22 ssh_user: 'UserRemote' ssh_key: HA_ecdsa remote_directory: '/path-on-storage-machine' zip_password: 'Your Password to remember here' keep_local_backup: '14' rsync_enabled: false rsync_host: '' rsync_rootfolder: hassio-sync rsync_user: '' rsync_password: ''

SETTING UP KEY FILES:

GENERATING KEY (3)

Start in a terminal window on a linux machine. All mine are Ubuntu. UserRemote@Rodan:~$ cd .ssh UserRemote@Rodan:~/.ssh$ ls -la total 28 drwx------ 2 UserRemote UserRemote 4096 Jun 26 23:48 . drwxr-xr-x 36 UserRemote UserRemote 4096 Aug 7 16:23 .. -rw------- 1 root root 2882 Jun 26 23:48 known_hosts UserRemote@Rodan:~/.ssh$ ssh-keygen -t ecdsa -b 521 Generating public/private ecdsa key pair. Enter file in which to save the key (/home/UserRemote/.ssh/id_ecdsa): /home/UserRemote/.ssh/HA_ecdsa Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/UserRemote/.ssh/HA_ecdsa. Your public key has been saved in /home/UserRemote/.ssh/HA_ecdsa.pub. The key fingerprint is: SHA256:ijZtlnsrs5nvcORmk/y7YRAqE5EEACOhgYkDgrEplv7Pfa/y6PWw UserRemote@Rodan The key's randomart image is: +---[ECDSA 521]---+ | .+++.=+=*| | ** *.%=o| | ..oO X.%+| | . = +.O.=| | .S+ ..oo| | .+++.=+=*| | ** *.%=o| | ..oO X.%+| | . = +.O.=| +----[SHA256]-----+ UserRemote@Rodan:~/.ssh$ ls -la total 36 drwx------ 2 UserRemote UserRemote 4096 Aug 13 23:48 . drwxr-xr-x 36 UserRemote UserRemote 4096 Aug 7 16:23 .. -rw------- 1 UserRemote UserRemote 365 Aug 13 23:48 HA_ecdsa -rw-r--r-- 1 UserRemote UserRemote 263 Aug 13 23:48 HA_ecdsa.pub -rw------- 1 root root 2882 Jun 26 23:48 known_hosts

COPY PUBLIC KEY TO MACHINE THAT WILL RECEIVE THE FILES: (4)

UserRemote@Rodan:~/.ssh$ ssh-copy-id -i HA_ecdsa.pub UserRemote@192.168.60.74 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "HA_ecdsa.pub" The authenticity of host '192.168.60.74 (192.168.60.74)' can't be established. ECDSA key fingerprint is SHA256:ijZtlnsrs5nvcORmk/y7YRAqE5EEACOhgYkDgrEplv7Pfa/y6PWw. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed The authenticity of host '192.168.60.74 (192.168.60.74)' can't be established. ECDSA key fingerprint is SHA256:ijZtlnsrs5nvcORmk/y7YRAqE5EEACOhgYkDgrEplv7Pfa/y6PWw. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys The authenticity of host '192.168.60.74 (192.168.60.74)' can't be established. ECDSA key fingerprint is SHA256:ijZtlnsrs5nvcORmk/y7YRAqE5EEACOhgYkDgrEplv7Pfa/y6PWw. Are you sure you want to continue connecting (yes/no)? yes Failed to add the host to the list of known hosts (/home/UserRemote/.ssh/known_hosts). Enter passphrase for key '/home/UserRemote/.ssh/id_rsa': UserRemote@192.168.60.74's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'UserRemote@192.168.60.74'" and check to make sure that only the key(s) you wanted were added.

TEST THE LOGIN WORKS WITHOUT PASSWORD: (5)

UserRemote@Rodan:~/.ssh$ ssh UserRemote@192.168.60.74 The authenticity of host '192.168.60.74 (192.168.60.74)' can't be established. ECDSA key fingerprint is SHA256:ijZtlnsrs5nvcORmk/y7YRAqE5EEACOhgYkDgrEplv7Pfa/y6PWw. Are you sure you want to continue connecting (yes/no)? yes Failed to add the host to the list of known hosts (/home/UserRemote/.ssh/known_hosts). Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-42-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Thu Aug 13 23:51:01 CDT 2020 System load: 4.41 Users logged in: 1 Usage of /: 22.3% of 72.83GB IPv4 address for docker0: 172.17.0.1 Memory usage: 8% IPv4 address for enp4s0f0: 192.168.60.73 Swap usage: 0% IPv4 address for enp4s0f1: 192.168.60.74 Processes: 318 * Are you ready for Kubernetes 1.19? It's nearly here! Try RC3 with sudo snap install microk8s --channel=1.19/candidate --classic https://microk8s.io/ has docs and details. 0 updates can be installed immediately. 0 of these updates are security updates. Last login: Sun Aug 2 20:57:55 2020 from 192.168.60.12 UserRemote@eldrad:~$ exit logout Connection to 192.168.60.74 closed. UserRemote@Rodan:~/.ssh$ ls -la total 36 drwx------ 2 UserRemote UserRemote 4096 Aug 13 23:50 . drwxr-xr-x 36 UserRemote UserRemote 4096 Aug 7 16:23 .. -rw------- 1 UserRemote UserRemote 365 Aug 13 23:48 HA_ecdsa -rw-r--r-- 1 UserRemote UserRemote 263 Aug 13 23:48 HA_ecdsa.pub -rw------- 1 root root 2882 Jun 26 23:48 known_hosts UserRemote@Rodan:~/.ssh$ cp HA_ecdsa /run/user/1000/gvfs/smb-share:domain=etc,server=192.168.60.67,share=ssl,user=UserRemote UserRemote@Rodan:~/.ssh$

SAMPLE ADD-ON SET-UP LOG SESSION: (7-8-9)

Remote Backup [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 00-banner.sh: executing... ----------------------------------------------------------- Add-on: Remote Backup Automatically create HA snapshots to remote server location using SCP ----------------------------------------------------------- Add-on version: 4.3.1 You are running the latest version of this add-on. System: Ubuntu 18.04.5 LTS (amd64 / qemux86-64) Home Assistant Core: 0.113.3 Home Assistant Supervisor: 232 ----------------------------------------------------------- Please, share the above information when looking for help or support in, e.g., GitHub, forums or the Discord chat. ----------------------------------------------------------- [cont-init.d] 00-banner.sh: exited 0. [cont-init.d] 01-log-level.sh: executing... [cont-init.d] 01-log-level.sh: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done. Adding SSH key Creating local backup: "Automated backup 2020-08-14 00:27" Backup created: 9b798ba7 Copying password-protected 9b798ba7.zip to /path-on-storage-machine on 192.168.60.74 using SCP adding: 9b798ba7.tar (deflated 6%) Warning: Permanently added '192.168.60.74' (ECDSA) to the list of known hosts. Command completed successfully. Backup process done! [cmd] /run.sh exited 0 [cont-finish.d] executing container finish scripts... [cont-finish.d] 99-message.sh: executing... [cont-finish.d] 99-message.sh: exited 0. [cont-finish.d] done. [s6-finish] waiting for services. [s6-finish] sending all processes the TERM signal.

SET_UP AUTOMATION FOR THE INTERVAL YOU WANT: (10)

automation: #################################################### # Daily Back-up # #################################################### - id: e297213a-c74a-456d-875f-d90e44667cf4-must-be-unique alias: Daily Backup initial_state: on trigger: platform: time at: 03:27:19 condition: # remove this section for every day - condition: time # or change to fit your needs weekday: # weekday can be month/year also. See HA Docs. - tue - wed - thu - sat - sun action: - service: hassio.addon_start data: addon: 3490a758_remote_backup