Using Borg backup across SSH with sshkeys

Borgbackup is a fantastic piece of software. It's a free deduplicating archiver with compression and encryption, which reduces the amount of storage one needs to have to be able to keep backup archive for a very long term.

One of the great small things it can do is that it can run across the wire using ssh, authenticating with sshkeys. Sadly the documentation is not 100% correct, and it lack one bit of information for one to be able to get it to run.

The steps to get it working are:

  1. Follow the documentation to install borg

  2. Create a user on the destination server which will be the one who owns the repo.

  3. On the destination create the repo: borg init <path/repo name>

  4. On the source create an sshkey without passphrase (it is possible to do this with a passphrase - I just couldn't be bothered), and distribute the key to the destination server/user.

  5. Create a script which is use to setup a few environment variables which borg needs:

    1. BORG_PASSCOMMAND="cat <file containing the password for the repo>"

    2. BORG_RSH="ssh -i <path>/<private key>" <<== this was created in step 4).


     


Now it's possible to run borg:
# borg create --stats --compression zlib,5  ${REPOSITORY}::`hostname`-`date +%Y-%m-%d` \
/home/myuser \
/root
/etc
....

Without BORG_RSH it is not possible to make it load the sshkey. The other option would be use ssh_agent, but that is cumbersome.

Comments

Borg Backup and Rclone to Object Storage – Riaan's SysAdmin Blog said…
[…] Using Borg backup across SSH with sshkeys https://opensource.com/article/17/10/backing-your-machines-borg […]
March 31, 2018 at 4:56 PM
Post a Comment

Popular posts from this blog

Kviknet and IPv6

Image
 I decided to switch ISP, mainly due to Hiper (Danish) was using a VLAN for their connection which made pfSense and my APU3 board require a reboot everytime I changed anything. Kviknet has a good reputation (wonder why) in Denmark, they are not cheap and they have the same opening hours as everyone else - meaning until 16:30 and closed during weekends. I sometimes wonder how companies who need 24/7 internet get on with that ... well it's Denmark. Kviknet has an interesting way to do IPv6, your router get and SLAAC assigned IPv6 address on the public side (wan) and you get a ::/48 network from Kviknet to use on your lan.  To some degree it does make sense, you can then configure your lan with static addresses as you see fit, and for dynamic assignment you use RA stateless dhcp *) ... which works for everything.  (I need to get my piHole configured with an static IPv6 so that I can use that ...). pfSense is a pain, I do like it, but they are light years behind their main competitor
Read more

Apple IOS cannot download song

It looks like there is a possibility that a song will not download, in iTunes (application) it will show as "Download error. Tap to retry". From that point onwards, one can tap, and continue to tap, and nothing will solve the issue. The way to remove that song from the download queue, is to tap, and hold on the cover art, and swipe right, that will change the download icon to 'delete' and one can remove the song from the queue.
Read more

Apple AirPort Express and Digital Jitter..

I'm doing something which I can't really afford, but doing it anyway ... I'm upgrading my Stereo ... I like music, and  believe it should be played at the highest affordable quality. So after getting a new Stereo Amp (Creek Evolution 50A), I got a new Phono Amp. and then started looking for a DAC ... and after reading I do not know how many posts I decided to get an S.M.S.L M8 (from  Amazon  fro €249.99), not too expensive and according to what I can read very good. So I got it hooked it up to my amp, connected my Notebook (Macbook Air 11" / 2011) using USB ... sounded nice, then my Macbook Pro Retina with digital (fiber) in some way better than USB, slightly more air and openness. Then decided to use my old Apple Airport Express ( MB321LL/A  - 802.11n version 1) using it's digital output (I don't like the build in DAC - it's a bit too dark for me), and this is where I started having doubts about my buy. There was drop out, all the time. Right I changed, to
Read more