How to do rsync-like encrypted backup?

linux backup encryption rsync
50,826

Solution 1

The best thing around is Duplicity. The only drawback is that it does not handle hardlinks.

Another solution is Tartarus, which can be piped through GPG and FTP/SSH directly to a backup server. It does incrementals.

Here are Tartarus instructions, in German.

Solution 2

I think you'll like rsyncrypto.

Use rsyncrypto to encrypt files from your plaintext directory to your encrypted directory, and decrypt files from your encrypted directory and your plaintext directory, using keys that you keep locally.

Use rsync to synchronize between your encrypted directory and the remote host.

The rsyncrypto implementation you can download now from Sourceforge not only handles changes in bytes, but also insertions and deletions.

With rsyncrypto, all encryption keys never leave the local computer.

"The remote server should preferably not even know the directory structure"

In that case, you'll want to use the --name-encrypt=map option. That makes each encrypted file name is a random string of characters, and by default all mangled file names are stored in a single directory. The true file names and folder names are stored in the (encrypted) file named "filemap".

Related: "Is there an encrypted version control system?"

Solution 3

In recent years, Rclone has been developed. Its motto is "rsync for cloud storage" but beyond things like S3/Azure/Google/etc. cloud storage providers, it also supports syncing between local and SSH/SFTP targets.

Any "remote" you configure, you can also add a crypt wrapper around it. This acts as the original remote, but the contents of all your files (and optionally the file names themselves) get encrypted on the client side. The algorithm is documented, and its been a generally seamless process in my experience so far.

Solution 4

You can use encfs in "inverse" mode. This gives you an encrypted "view" of a local folder. Then you rsync this encrypted view instead of the unenctrypted data. This gives you all advantages of rsync without the need to have an encrypted copy of you data.

Solution 5

2020 Borg Backup seems to be the alternative.

It seems well mature, maintained and has the requested feature set.

Github Link for Borg Backup

Share:
50,826
Admin
Author by

Admin

Updated on September 17, 2022

Comments

  • Admin
    Admin over 1 year

    I want to save a backup of my data on a remote server, but never want the backup server to see the data unencrypted. Editing a single file and backing up should not result in everything being encrypted and sent again. The remote server should preferably not even know the directory structure (and especially not the directory names).

    Is there such a solution?

  • Cerber
    Cerber almost 11 years
    (2013 edit) Found it on github : github.com/wertarbyte/tartarus ; it's GPLv3 ; I'll check if it's still as cool today as it was in 2011 ;)
  • jnovack
    jnovack over 4 years
    2019 here. tartarus did not age well. duplicity has matured, but development still looks like it was hosted on geocities site
  • Diagon
    Diagon over 2 years
    Looks nice. Could you add comparisons to Borg and Restic in your comparison chart? Also, duplicity does not need installation on the remote. It does use a local database, though it may be that's just to speed things up. IIRC, if it was nailed, it could be reconstructed.
  • Diagon
    Diagon over 2 years
    One other peoint you might consider adding to your feature matrix, is the status of the crypto used by the various backup tools. Restic is roll your own. Borg has some limitations discussion in it's docs. I am not clear on rclone, though there appears to be a lot of metadata leakage, like encfs.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Is there an rsync alternative, that stores compressed and encrypted?
Encrypted Remote Backups via Rsync?
shell script rsync password file option
Error when getting information for file - Input/output error
uncompress gzipped encrypted file
Permission problems with rsync
Rsync --password-file Not Working
When is -av NOT the appropriate option for rsync?
How can I backup remotely the entire Linux server using rsync over SSH?
How to fix corrupted NTFS