Using Carbon Copy Cloner to backup to another Macintosh on your network

This article is for an older version of CCC. You can find the latest version here.
Product: 
ccc3

Carbon Copy Cloner offers the option of securely copying your selected data to another Macintosh on your network (or anywhere on the Internet for that matter) via the "Remote Macintosh..." options in the Source and Destination menus. After a brief setup procedure to establish trust between your machine and the destination machine, simply indicate the IP address or hostname of the machine to which you have access and CCC will take care of the rest.

Note: Backing up to a remote Macintosh is not the same as backing up to a network filesystem. If you don't require a bootable backup and you are only backing up files for which you are the owner, it will be easier to enable file sharing on the remote machine and back up directly to the mounted sharepoint.

To successfully set up CCC to back up to a remote Macintosh, you must:

  1. Confirm that the remote Macintosh is running a supported OS
  2. Enable Remote Login on the remote Macintosh
  3. Determine the Unix path to the folder on that machine that you would like to back up to
  4. Install an "Authentication Credentials" package on your local machine (CCC will place this package on your Desktop)
  5. Transfer that same "Authentication Credentials" package to your remote Macintosh and install it there
  6. Verify that the system time on each Macintosh is reasonably in sync with the other
  7. Confirm that the backup device on the remote Macintosh is ready and mounted (CCC does not currently perform this verification).
  8. Manually disable the "Ignore ownership on this volume" setting in the destination volume's Get Info window in the Finder.
  9. Verify that any firewalls between the two Macs are permitting "secure shell" traffic over port 22.

Configuring CCC to back up to a remote Macintosh is an advanced configuration scenario. If you are unsure of any of these settings, please seek advice at the Bombich Software Help Desk before proceeding.

Configuring Remote backup

Enabling Remote Login on the remote Macintosh

To enable Remote Login on your remote Macintosh:

  1. Log in to that machine as an admin user
  2. Launch the System Preferences application.
  3. Open the Sharing Preference Pane
  4. Check the box next to "Remote Login".
  5. Be sure to allow access to "All users", or explicitly add the "Administrators" group to the list of restricted users and groups.

Determining the "Remote Macintosh hostname or IP address"

To determine the value to enter into this field:

  1. Log in to the remote Macintosh as an admin user
  2. Launch the System Preferences application
  3. Open the Sharing Preference Pane
  4. Click on the Remote Login service in the list of services
  5. In the settings area on the right, you will see a message to the effect of "To log in to this computer remotely, type "ssh username@yourhost.yourdomain.com" at a shell command prompt." The text after the "@" symbol is the hostname or IP address that you will provide in the "Remote Macintosh hostname or IP address" text field.

Determining the "Path to backup directory"

To produce a backup that your source Macintosh can boot from, we recommend that you dedicate a volume to the backup task. The backup volume can be an internal or external volume, though an external volume will be most convenient in a disaster recovery scenario. Be sure to prepare the volume for use with CCC per the instructions in the article titled Preparing a hard drive for use with Carbon Copy Cloner. When you have identified a volume to use on the remote Macintosh for backup, do the following to determine the value to enter in the "Path to backup directory" text field:

  1. Log in to the remote Macintosh as an admin user
  2. Launch the Disk Utility application
  3. Click on the backup volume in the list of devices on the left side of the window
  4. Locate the "Mount point" value at the bottom of the window — this is the value that you will enter into the "Path to backup directory" field in CCC's Remote Macintosh dialog window on the source machine. The format of this value is typically "/Volumes/Backup Disk".

If you do not intend to create a bootable backup, you may also create a folder on the remote Macintosh that can be used for the backup task:

  1. Log in to the remote Macintosh as an admin user
  2. Create a folder in your desired location
  3. In the Finder, click on the destination folder that you created
  4. From the Finder's "File" menu, choose "Get Info"
  5. In the "General" section of the Get Info panel, the "Where" attribute indicates where that folder is located. The path to your backup directory will consist of that location, plus "/", plus the name of your destination directory. For example, I just created a folder named "Backups" in the /Users/Shared directory on my remote Macintosh. The Get Info panel indicates that it is located at "/Users/Shared", therefore the path to my backup directory is "/Users/Shared/Backups".

Bandwidth management options

CCC offers two options that can help you address bandwidth concerns. The option to "Compress data passed over the network" can greatly reduce your backup time and total bandwidth used. The time savings depends on just how slow the connection is between the two Macs. If you have a connection that is slower than 10MB/s, compression will make the transfer faster. If your bandwidth is better than that, compression will actually slow down your transfer. CCC will not compress certain file types that are already compressed, such as graphics files, movies, and compressed archives.

CCC also offers a bandwidth limitation option. If your ISP requires that your transfers stay below a certain rate, you can specify that rate here. Note that CCC errs on the conservative side with this rate, so the average transfer rate may be slightly lower than the limitation that you specify.

The "Authentication Credentials" package installer

Before you can back up to a remote Macintosh, you must first set up "public key authentication" (PKA) between the Macintosh that you're running Carbon Copy Cloner on and the Macintosh that you'd like to back up to. With PKA, you don't need to provide a username/password to access the remote machine. Instead, CCC uses pre-shared, 128-bit key pairs to identify the source and destination machines.

To create the Authentication Credentials installer package:

  1. Choose "Remote Macintosh..." from the Source or Destination menu
  2. Click on the button to "Create Authentication Credentials package"

When you click on the button to create an Authentication Credentials package, CCC will generate this key pair, create a package installer, then install the package onto your local Macintosh. When this procedure is complete, transfer the package to your remote Macintosh and install it there as well by double-clicking on the package. If you use FTP or a non-HFS+ formatted volume to transfer the package to the remote Mac, right-click on the Authentication Credentials package and choose the option to compress the package first. FTP and non-HFS+ formatted volumes will strip important information from the Authentication Credentials package and render it unusable on the Remote Mac.

Note that you are NOT required to enable the root account on either machine. This is avoided by using public key authentication instead of password-based authentication.

Remote machine requirements

At this time, CCC requires the use of the root account (though it does not have to be enabled) on both the source and destination machines. To successfully back up to a remote machine, you must have administrative privileges on both machines. This may be improved upon in a future release.

CCC also requires that the remote machine be running Mac OS 10.6.8 or later.

Additional pointers for advanced users

Carbon Copy Cloner's public key-based authentication is designed to work with no additional configuration of the services required for backing up over a network connection. CCC uses rsync over an ssh tunnel (port 22 by default) to perform the backup. If you do make modifications to the sshd configuration, consider how that may affect your backup. For example, CCC requires use of the root account over ssh. If you set the "PermitRootLogin" key in the sshd_config file to "no", you will not be able to use CCC to or from that machine. It's an important distinction to note that the root account does not have to be *enabled*, but sshd must permit the use of the root account. The "PubkeyAuthentication" key can also not be set to no, Public Key Authentication is required for CCC to authenticate to the remote Mac.

Troubleshooting connectivity problems to a remote Macintosh

Problems connecting to a remote Macintosh generally are caused by configuration problems with the Remote Login service on the remote Macintosh. Try the following if you are having trouble making a backup to a remote Mac:

  1. Verify that the Remote Login service is enabled in the Sharing preference pane on the Remote Macintosh
  2. Verify that access to the Remote Login service is allowed for "All users"
  3. Confirm that you have created an "Authentication Credentials Installer Package" on the local Mac, then transferred it to the remote Mac and installed it there
  4. Verify that your firewall and the remote Mac's firewall permits traffic on port 22. If you have an application firewall in place (e.g. Little Snitch), verify that access is granted to "Carbon Copy Cloner" and "ccchelper".
  5. If your local Mac and remote Mac are not on the same network (e.g. you're connecting across a VPN or through a router and over the Internet), confirm that a connection can be established between the two Macs. How you do this will vary from one scenario to the next, but you can generally verify connectivity by typing "ssh root@192.168.1.1" into the Terminal application (replace 192.168.1.1 with the hostname or IP address of your remote Mac). If you see a request for a password, then connectivity is established. If not, your network configuration isn't permitting the traffic or the hostname that you're connecting to is invalid or unavailable.

VPN and port forwarding configuration is outside of the scope of support for CCC, though our support staff will make every effort to identify whether problems occur within that configuration or within the service configuration on your remote Mac. If you have worked through the troubleshooting steps above and are still having trouble backing up to a remote Macintosh, please choose "Report a problem" from CCC's Help menu and submit a support request.

After submitting the support request, there's one more thing you can do to collect some information about the connectivity problem between the two Macs:

  1. Copy Remote Authentication Debugger to both Macs
  2. Open the Remote Authentication Debugger application on the remote Mac (this will temporarily place the Remote Login service on the remote Mac into debugging mode)
  3. Open the Remote Authentication Debugger application on the local Mac and enter the remote host information for the Remote Mac when prompted
  4. The Remote Authentication Debugger application will attempt to connect to the remote Mac using the CCC authentication keys. The debug information will then be collected into reports on the Desktop of both Macs. Please attach those two reports to the automatic email reply that you received when you submitted a support request to our Help Desk.

A note about access privileges to backed up data

While logged in to your remote Macintosh, you may not have permission to view the contents of your backup in the Finder. Your access to the files will be based on the unique id that is associated with the user account that you're logged in to on the remote Macintosh and the one associated with the account(s) on the other Mac(s) that you're backing up. The first administrator account always gets a uid of "501", and subsequent accounts are assigned incrementally higher uids -- 502, 503, etc. For security and privacy purposes, OS X restricts access to the contents of user home directories to the owners of those home directories, and these restrictions are preserved when your data is backed up to a remote Macintosh.

To learn what user id is associated with your account:

  1. Open System Preferences and click on the User Accounts preference pane
  2. Click on the lock and authenticate
  3. Control+click on your account in the accounts table and choose "Advanced options"

You will see your User ID in the panel that appears.

This may be annoying from the perspective of trying to access those files on your remote Macintosh, but it is important for CCC to preserve the ownership and permissions information when backing up your data. If/when you want to do a restore, you could do either of the following:

a) Attach the external drive directly to the machine that you want to restore files to — the accounts on those systems will be able to access their backed up files

b) Do a restore directly within CCC from the original source Macintosh

If you must have read access to some of this data (e.g. the original Mac is gone, the user account changed, etc.), you can change the ownership of the home folder and its contents in the Finder:

  1. Choose "Get Info" from Finder's File menu
  2. In the "Sharing and Permissions" section at the bottom, click on the lock icon to make the permissions editable
  3. Click on the "+" button
  4. In the window that appears, select your account, then click the Select button
  5. Set the access privileges to "Read & Write"
  6. Click on the Gear menu and choose to apply the change to enclosed items