Just another blog

Encrypted backups to another server

- Posted in Quick Tip by

I am trying to back up one of my storage servers to another storage server, but I would like to encrypt the backup files for extra protection.

To do this, I will be using duplicity. Duplicity works great for backing up my desktop to my storage VPS so I'd like to use it for my server also.

First, we need to install duplicity and make sure gnupg is installed, as well as python-maramiko otherwise it may error advising it's not available as a backend.

apt install duplicity gnupg python-paramiko

Then we need to generate a key

gpg --gen-key

For the next part, I took the defaults except the keysize is 4096.

Take note of the public key that was generated as we'll use this to encrypt the backup.

This is the command I would use to back up the /var/www folder to the path /home/root/www on the destination.

duplicity --ssh-askpass --encrypt-key=CE69XXXX --sign-key=CE69XXXX /var/www sftp://root@destination.com/www

The --ssh-askpass option is if you don't use SSH keys, otherwise it will complain that it can't connect.

The output will be pretty quiet, not showing any progress, so for the first backup I will use -v8 which is verbosity level 8 (info) which shows each file as it's backing up.

In another post, I'll look at decrypting the backup.