Duplicity is a popular tool that takes backup security one step further: the data that is backed up is encrypted with GPG. Duplicity works by creating an encrypted zip file of your incremental backup data and then uploading the zip file to your server. You might want to consider using Duplicity when:
Installation of Duplicity is a snap, but you'll also want to make sure that you have GPG installed. To check if both GPG and Duplicity are installed, open up a terminal and enter the following commands:
Installing GPG may be as simple as using your package management system. Depending on your flavor of *nix, enter one of the following into a terminal:
sudo apt-get install gpg
sudo yum install gpg
sudo zypper install gpg
sudo make install
Installing Duplicity may be as simple as using your package management system. Depending on your flavor of *nix, enter one of the following into a terminal:
sudo apt-get install duplicity
sudo yum install duplicity
sudo zypper install duplicity
sudo make install
An SSH keypair allows duplicity to automatically connect without you having to manually enter a password.
sudo), so that you have full access to all the files on your machine.
sudo ssh-keygen -f /backup/ssh_key -t rsa -N ''
An SSH key pair allows you to securely log in to your backup server without entering a password each time.
sudo rsync -e ssh /backup/ssh_key.pub firstname.lastname@example.org:ssh_keys/key1.pub
ssh email@example.com addkeys
user with your EVBackup account name.
sudo ssh -i /backup/ssh_key firstname.lastname@example.org
If you were successful, then something very similar to the following will appear in Terminal:
Last login: Thu Jul 15 16:16:44 2010 from c-28-26-13-101.
Copyright (c) 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.4-STABLE (EXAVAULT) #1:
The next step is to create your GPG key. The GPG key is different than your SSH key:
Creating your GPG key is a snap. At a terminal, enter the following commands:
sudo gpg --gen-key
You will then be guided through a series of prompts that will help you create your key. Once the key is created, you should see a prompt like this:
gpg: key 687DC52E marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/687DC52E 2011-04-18
Key fingerprint = 34BF 1C05 B797 A11C 940D EB22 FB6F 3C43 687D C52E
uid Rich W < email@example.com >
sub 2048R/74136395 2011-04-18
Write down the key number (687DC52E in the example output above); this is your public key ID. You'll be using it later when Duplicity encrypts your files.
To make your first backup with Duplicity, enter the following into a terminal (all on one line):
sudo duplicity full --ssh-options="-oIdentityFile=/backup/ssh_key" --encrypt-key [key id] [source] scp://firstname.lastname@example.org/[destination]
[key id] is your GPG public key ID.
[source] is the path to the files you want to back up.
[destination] is the (optional) folder on the server that you want to put the encrypted backup files in.
For example, user bobsmith wants to back up his website folder and a MySQL database backup:
sudo duplicity full --ssh-options="-oIdentityFile=/backup/ssh_key" --encrypt-key ABC123XYZ /var/www scp://email@example.com/web
sudo mysqldump -u dbuser -h dbserver -pdbpassword --databases db02 --result-file=/backup/db/db02.sql
sudo duplicity full --ssh-options="-oIdentityFile=/backup/ssh_key" --encrypt-key ABC123XYZ /backup/db scp://firstname.lastname@example.org/db
To verify the backup, you can use Duplicity's list-current-files argument:
(Note that the GPG key isn't required)
sudo duplicity --ssh-options="-oIdentityFile=/backup/ssh_key" list-current-files scp://email@example.com/[destination]
Tip: The list-current-files argument is also useful if you would like to see exactly what was included in your last backup.
Once you've created the initial backup, then the hard part is over. All that is required is to copy the Duplicity command into a script, change the full argument to incremental, and automate it with cron.
sudo chown root:root /backups/[script-file-name].sh
Once you have your backup script created and saved, you need only to add a cron job to automate it. To automate a cron job for your script:
sudo crontab -e
For example, to run duplicity-script.sh every night at 11:42 PM, you would enter:
42 23 * * * /backups/duplicity-script.sh
The fields in crontab (separated by spaces or tabs) are:
[minute] [hour] [day of month] [month] [weekday] [command] [command args]
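The script described above, written out as an added example (it is not EVBackup's or Duplicity's own script). The bracketed values, the host name and the lock path are placeholders, and the permission and lock checks are additions: the SSH key was generated without a passphrase and the script runs as root from cron, so it refuses to run if the key or the script itself is accessible to group or other users.

```shell
#!/bin/sh
# Added example: nightly incremental backup for root's crontab.
# Bracketed values, the host and LOCK are placeholders to replace.
SSH_KEY=/backup/ssh_key
KEY_ID='[key id]'
SOURCE='[source]'
TARGET='scp://user@backup.example.org/[destination]'
LOCK=/var/run/duplicity-script.lock

# True only for a regular file with no group/other permission bits set
# (for example mode 600 or 700). Symlinks and directories are rejected.
private_file() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the key and the script, take a lock, then run the incremental backup.
main() {
    umask 077
    private_file "$SSH_KEY" || {
        echo "refusing: $SSH_KEY is missing or group/world accessible" >&2
        return 1
    }
    private_file "$0" || {
        echo "refusing: $0 is group/world accessible" >&2
        return 1
    }
    # mkdir is atomic, so a second cron run stops here instead of overlapping.
    mkdir "$LOCK" 2>/dev/null || {
        echo "previous run still active ($LOCK exists)" >&2
        return 1
    }
    trap 'rmdir "$LOCK"' EXIT
    duplicity incremental --ssh-options="-oIdentityFile=$SSH_KEY" \
        --encrypt-key "$KEY_ID" "$SOURCE" "$TARGET"
}

# Run only when invoked under the script name used in the crontab line above,
# so the functions can be sourced and checked without starting a backup.
case "$0" in
    */duplicity-script.sh) main; exit $? ;;
esac
```

Cron mails anything written to stderr to the crontab owner, so a refused run or a stale lock shows up as a message rather than a silently missing backup.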
Should you have questions or need help: firstname.lastname@example.org
Restoring files backed up with duplicity is just like restoring files with rsync: Simply reverse the source and destination folders.
sudo duplicity --ssh-options="-oIdentityFile=/backup/ssh_key" scp://email@example.com/[remote-folder] [local-folder]
You can also restore individual files with the --file-to-restore argument (all on one line):
sudo duplicity --ssh-options="-oIdentityFile=/backup/ssh_key" --file-to-restore [dir/file-to-restore] scp://firstname.lastname@example.org/[remote-folder] [local-folder/restored-file]