Daily Archives: 20140310


Recently I needed to do some backups on a host (not managed by me), and being somewhat paranoid, and lazy, I didn’t schedule backups for sometime. Recently while trying to be just paranoid, I decided it’s finally time to close this task pending for a while, so gave a shot to duplicity again. Its manpage is quite well written, and so is the software.

My backup provider offers SFTP space (courtesy: ProFTPD, I think). So to login to SFTP account, I created a SSH public key to be used by backup script, and converted it into RFC4716 format (ssh-keygen -e), and uploaded to remote host. For encrypting backups, I used GPG, so generated a GPG key locally, and copied the public key to the host which is to be backed up. Since decryption of backups is not needed, unless it’s to be restored therefore I don’t need to copy private GPG key on remote host.

Now with a duplicity command-lines similar to below, I was able to do full, and incremental backups respectively:

duplicity full --encrypt-key ${GPG_KEY} --log-file=${LOG_FILE} ${SOURCE_DIRECTORY_TO_BACKUP} scp://${BACKUP_USER}@${BACKUP_HOST}/${BACKUP_DIRECTORY}
duplicity incremental --encrypt-key ${GPG_KEY} --log-file=${LOG_FILE} ${SOURCE_DIRECTORY_TO_BACKUP} scp://${BACKUP_USER}@${BACKUP_HOST}/${BACKUP_DIRECTORY}

And to periodically clean old backups:

duplicity remove-all-but-n-full --force  --log-file=${LOG_FILE} ${NUMBER_OF_OLD_BACKUPS_TO_KEEP} scp://${BACKUP_USER}@${BACKUP_HOST}/${BACKUP_DIRECTORY}

That’s it. Put these things in a script in a cron job scheduled at appropriate times, I can now do encrypted backups. As an anonymous guy puts it:

It’s better to have dump-ed, and restored, than to never have dumped at all

Now go backup yourself!