The Scenario

You have a folder you would like to remotely backup on a regular basis, and you want to make sure this is done securely.  From the command line, it's quite easy to do this with a single command of rsync...however, you don't want to have to run this by hand every time.  Adding a cron job would be the obvious solution, but then how do you type in the password of the remote ssh user?  You certainly don't want to store this password in clear text on your system.  And using the rsync daemon will do the transfers across whatever network without encryption...so not a good solution there either.  But ssh has a solution, log in to the remote machine without a password.

(For these examples, all commands will be run as root...on both the local and remote hosts)

Step 1: the "no password" ssh setup

The real key to this whole scenario is the ability to securely log into the remote system, without the aid of a password.  We do this so the cron job will execute without errors or expecting to be passed the password.  This is accomplished with the use of a public/private key set.  

Create the key pair with the following command:

root@[localhost]:/root# ssh-keygen 

I'd recommend choosing the default location, and using no passphrase for the pair.  Even if we used a passphrase, we'd have to store it somewhere in the system in clear text...so there's really no point.  We're running this as root anyways, and the files will be located in the root folder.  Non-sudo users will not have access to them.

Now we need to copy the public (NOT private) key file over to the root directory on the remote host, using the following command:

root@[localhost]:/root# scp id_rsa.pub root@[remotehost]:~/

Once that's done, you'll need to log into the remote machine.

Concatenate the public file into root's authorized_keys file:

root@[remotehost]:/root# cat id_rsa.pub >> .ssh/authorized_keys

Then delete the public key file (on the remote system only):

root@[remotehost]:/root# rm id_rsa.pub 

You can now log out of the remote system, and test logging into it without the use of a password:

root@[localhost]:/root# ssh root@[remotehost]

As long as it didn't ask for a password, you're on the right track.

(If you're having issues, make sure you're running this as root, and logging into the remote system as root.)

Step 2: rsync + cron script (nothing special here)

The following rsync command is what I used, your milage may vary:

root@[localhost]:/root# rsync --delete -azvv -e ssh /local/folder/to/backup root@[remotehost]:/remote/backup/location

I'd recommend running your intended command to make sure that it's not depending on any feedback from you.

After this command is issued, the synchronization will begin.  If this is the first time your running rsync on this folder, the backup will need to copy over each file...which could take a bit of time, depending on the overall size of the folder.

Now we can create the script, we'll call it 'sync'.  Using your favorite text editor, create /root/sync and add the following two lines:

#!/bin/bash

rsync --delete -azvv -e ssh /local/folder/to/backup root@[remotehost]:/remote/backup/location

Save the close the file.  Then make sure the file is executable (at the same time, I'm going to make sure it's only readable and writable by root):

root@[localhost]:/root# chmod 700 sync 

We can now test the script by running:

root@[localhost]:/root# ./sync 

Since you've already run the rsync command recently, it should run fairly quickly this time...it will only transfer files that have changed.

Now you can install the script into the crontab:

root@[localhost]:/root# crontab -e

To run it every hour on the hour, add:

0 * * * * /root/sync

That's it, this folder will be synced from now on.