Backing up from a My Cloud Mirror to a My Cloud device via rsync

After a long search, and finding only partly solutions, I’d like to share my steps to backup data from a WD My Cloud Mirror (MCM) to a WD My Cloud (MC) device via rsync. At this moment, I don’t know if there are other options to do an (automatic) backup without the intervention of a pc.

I’d like to mention that I am not a Linux expert and I’d like to hear if the steps taken by me are correct or could be improved. These steps worked for me. Follow them at your own risk.
I will edit this post with new insights and information whenever availlable.

You’ll need Putty/Kitty or some other SSH client to set this up.

Step 1: Enable SSH on both devices (see Settings -> Network in the web UI)
Step 2: Create a new share via the web UI on the MC. I’ve called mine ‘rsync’.
Step 3: Follow the steps (found here):

  • Login into your WD MyCloud with user ‘root’ and password ‘welc0me’
  • Execute: sudo nano /etc/default/rsync
  • Modify the following line to enable rsync: RSYNC_ENABLE=true
  • Create the config file: sudo nano /etc/rsyncd.conf
  • Copy and paste the following contents in this file:

pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsync.log
max connections = 1
timeout = 300

[rsync]
comment = My rsync backup
path = /shares/rsync
uid = root
gid = share
read only = no
list = yes
auth users = sshd
secrets file = /etc/rsyncd.secrets

  • Note that the path should be the share created in step 2. ‘auth users’ should be the ssh user of the MCM (sshd, or any other user you define in the credentials file as described next.)
  • You can add hosts allow = 192.168.0.0/24 to whitelist IP’s to the bottom of the file (source and more info about rsync daemon).
  • Create the credentials file:

sudo nano /etc/rsyncd.secrets

  • formatting: sshd:password

chmod 600 /etc/rsyncd.secrets

  • Start rsync and make it start as a daemon server after every reboot:

sudo /etc/init.d/rsync start
cd /etc/rc2.d
ln -s …/init.d/rsync S91rsync

Step 4: Try if this device (MC) can pull data from the MCM with rsync:

rsync -v -L -rlt -z -p --delete --delete-excluded --delete-after --progress --exclude ‘.wdmc’ “sshd@ip_mcm:/shares/Public/Test” “/shares/rsync/”

  • Assuming there is a directory called ‘Test’ in the ‘Public’ share. The target directory will be automatically created.
  • Replace ip_mcm with the ip-address of the MCM.
  • If it asks for a password, type in the ssh-password of the MCM.
  • Type in rsync --help to see what all parameters do.

To push from MCM to MC, run the following on MCM:
rsync -v -L -rlt -z -p --delete --delete-excluded --delete-after --progress --exclude ‘.wdmc’ “/shares/Public/Test” rsync://ip_mc/rsync/

  • If it asks for a password, type in the password defined in de credentials file.

Step 5: ssh without password (source / alternative) - you don’t need this if you use rsync:// in the command.

  • Run the following command on the MC: ssh-keygen
    If it asks for a filename or a passphrase, just leave it blank and press enter.
  • Run the following command:
    ssh-copy-id -i ~/.ssh/id_rsa.pub sshd@ip_mcm
    (where ip_mcm is the ip address of the MCM)
    If it asks for a password, fill in the SSH password of the MCM.
  • It should now be possible to perform rsync from step 4 without a password.

To run rsync periodically, you can set up a cron job. I didn’t try this yet, but I think you can follow the steps mentioned here or here. I will update this topic as soon as I’ve tried this too.

Notes / questions
I’ve also tried to do this the other way around (running rsync on the MCM and pushing to the MC), but ran into some issues:

  • ‘ssh-copy-id’ isn’t recognized. See the alternative in step 5 to fix it.

  • ‘nano’ is not availlable on MCM. The alternative is ‘vi’, but it is harder to use.

  • If the devices are not on the same network, you can read about forwarding ports here.
    Some tips (found here):
    -Use a less common external port other than TCP port 22
    -Change to a strong root password! You can change it with the ‘passwd’ command in Putty (recommended).
    -If possible, add a ssh-user and only allow this user to log in with, so you don’t have to use the vulnerable root user (I’d like advice on this. How to make my data as safe as possible?)
    -If the cloud “server” has dynamic IP, you can access using 3rd party dynamic DNS or the ones provided by wd2go.com. i.e. wdmycloud.device(DeviceID).wd2go.com.
    -If the both devices are on a different physical location, you can only allow the other location’s IP-address to connect to this port (if your router supports this).

  • It’s a shame that MC and MCM don’t support Remote backup / Safepoints both. Why is it so hard, WD?

  • The users and credentials defined in step 3 aren’t needed if you have ssh access to the device. (Use the command without rsync:// and use the ssh password.)

  • Question: why don’t the devices save the ssh-keygen keys after a reboot?

Hi,

I haven’t try this before. Let’s see if any of the users on the community can share some information about it.

I updated the original post several times with new insights and sources. Still hope that someone can review it and can give advice on the security of my devices / ssh.