Secure and Efficient Backups with SSH Public Key Authentication and Rsync

Learn how to set up SSH Public Key Authentication for secure access and use Rsync for efficient file transfers and backups over SSH.

Introduction

Automating secure backups requires the right combination of tools. One of the best approaches is to use **SSH Public Key Authentication** for secure access and **Rsync** for efficient data synchronization. This ensures:

Secure, password-less SSH connections
Fast and efficient file transfers
Minimal bandwidth usage
Automated backups without user intervention

In this guide, we will walk through setting up SSH authentication, backing up files using **Rsync** and **Tar over SSH**, and best practices for ensuring data integrity.

Step 1: Set Up SSH Public Key Authentication

To allow your scripts to access a remote server **without requiring a password**, we will configure **SSH key authentication**.

Generating an SSH Key Pair

On your local machine (e.g., **Raspberry Pi**, laptop, or backup server), generate an SSH key pair:

ssh-keygen -t rsa -b 4096 -C "your-email@example.com"

This will create:

~/.ssh/id_rsa (private key, keep it secure!)
~/.ssh/id_rsa.pub (public key, share this with the remote server)

Copying the SSH Key to the Remote Server

To allow authentication, add the public key to the remote server:

ssh-copy-id user@remoteserver.example.com

If ssh-copy-id is not available, manually copy the key:

cat ~/.ssh/id_rsa.pub | ssh user@remoteserver.example.com "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Managing Multiple SSH Keys for Client Backups on a Single Server you can read hier!

Testing Password-less SSH Login

Try connecting to the remote server:

ssh user@remoteserver.example.com

If everything is set up correctly, it should log in without asking for a password.

Option 1: Backup with Tar over SSH

A simple way to create a compressed backup and transfer it over SSH is by using **tar** and **gzip**:

ssh root@remoteserver.example.com "tar -czvf - / 2> /var/log/sshbackup" > vpsbackup.tar.gz

Explanation:

The remote server compresses all files on **/** (root directory).
The backup is transferred directly to the local machine.
Backup logs are saved on **/var/log/sshbackup** (remote).

✅ **Pros:** Easy to implement, compresses data before transfer.
❌ **Cons:** Inefficient for large backups (re-transmits unchanged files).

Option 2: Backup with Rsync

For a more efficient approach, **Rsync** only transfers changed files.

Installing Rsync

Ensure **Rsync** is installed on both local and remote machines:

sudo apt update && sudo apt install rsync

Basic Rsync Command

To synchronize files efficiently, use the following command:

rsync -a --delete --exclude={"/dev","/sys","/proc","/tmp"} remoteserver.example.com:/ /path/to/backup/destination/

Explanation:

-a: Archive mode (preserves permissions, timestamps, symbolic links).
--delete: Removes files that no longer exist on the source.
--exclude=: Prevents transferring system directories.

Using Rsync with Large Files

For large files or slow networks, add the following flags:

rsync -ac --partial --append remoteserver.example.com:/ /path/to/backup/

-c: Uses checksums to detect changes.
--partial: Resumes interrupted transfers.
--append: Speeds up resuming large files.

Automating Backups with Cron

To schedule automatic backups, add a cron job:

crontab -e

Add the following line to run Rsync every day at 2 AM:

0 2 * * * rsync -a --delete remoteserver.example.com:/ /path/to/backup/

This ensures regular automatic backups.

Best Practices for Secure Backups

✅ **Use SSH key authentication** instead of passwords.
✅ **Encrypt backups** with gpg or openssl.
✅ **Monitor logs** for backup failures (/var/log/syslog).
✅ **Store offsite backups** to protect against hardware failure.
⚠️ **Be careful with --delete**, as it permanently removes files.

Conclusion

By setting up **SSH Public Key Authentication** and using **Rsync**, you can create **fast, efficient, and automated backups**. This method ensures:

🔒 **Secure connections** with SSH authentication
⚡ **Minimal bandwidth usage** with Rsync’s differential sync
📅 **Automated backups** using cron jobs
🛡️ **Data integrity** by excluding unnecessary files and verifying checksums

Now you have a robust **backup solution** that ensures your data is always safe! 🚀

Über den Autor: Aleksandar Stajić

In meiner bisherigen beruflichen Laufbahn habe ich an über 600 kleineren und größeren Projekten gearbeitet und durfte stets mit den neuesten Technologien innovative und individuelle Lösungen erarbeiten. Ich habe u.a. an den ersten Webapplikationen (Rich Internet Applications) für Datenerfassung und Auswertung über UMTS, an DB-Marktforschung und Tracking, Database Marketing, Online-Marketing, e-Commerce, CMS, Adoptive- und Responsive-Designs, unter Linux- und Windows-Servern und in allen OSI-Schichten gearbeitet.

Cookie	Dauer	Beschreibung
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Secure and Efficient Backups with SSH Public Key Authentication and Rsync