eskp.net


GPG-encrypted Duplicity Backups Between Two Hosts

Generate an SSH key for the backup user to connect to the other host with

ssh-keygen -C backup@<server_name> -f /root/.ssh/id_backup

Place id_backup.pub in /var/backups/.ssh/authorized_keys on the opposing server

chown backup: /var/backups/
chown -R backup: /var/backups/.ssh
chmod 700 /var/backups/.ssh/
chmod 600 /var/backups/.ssh/authorized_keys

On each host, generate a GPG key

gpg --gen-key
Accept all defaults
Real name: `hostname` Backup

Securely back up your private keys on both servers

Install duplicity

apt-get install duplicity python-paramiko

Put the backup script in /usr/local/bin/

Get the GPG key ID (the second part of the sec field in the output of gpg -K) and place it in the backup script

Create a cron file named /etc/cron.d/backup to run the script at 3am daily

MAILTO="email@address.net"
0 3 * * * root /usr/local/bin/duplicity_backup
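
An added example, not the author's backup script: one way /usr/local/bin/duplicity_backup could use the SSH key and GPG key ID from the steps above, refusing to run until a real key ID has been filled in. The peer hostname, source directory, remote path, full-backup interval and the sftp URL form are assumptions.

```shell
#!/bin/sh
# Added example, not the page's own script.
set -eu

# Assumed settings; override in the environment or edit here.
GPG_KEY="${GPG_KEY:-REPLACE_WITH_KEY_ID}"      # key ID taken from `gpg -K`
SSH_KEY="${SSH_KEY:-/root/.ssh/id_backup}"     # private key generated with ssh-keygen
REMOTE_HOST="${REMOTE_HOST:-peer.example.net}" # hypothetical opposing server
REMOTE_DIR="${REMOTE_DIR:-/var/backups/$(uname -n)}"
SOURCE_DIR="${SOURCE_DIR:-/etc}"               # hypothetical data to back up
FULL_EVERY="${FULL_EVERY:-30D}"                # hypothetical full-backup interval

# Succeeds only for an 8, 16 or 40 digit hex key ID (optional 0x prefix),
# so the unedited placeholder or a pasted "sec" line is rejected.
valid_key_id() {
    id=${1:-}
    id=${id#0x}
    case "$id" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    case ${#id} in
        8|16|40) return 0 ;;
        *) return 1 ;;
    esac
}

# duplicity target: user "backup" on the peer; "//" marks an absolute path.
target_url() {
    printf 'sftp://backup@%s/%s\n' "$REMOTE_HOST" "$REMOTE_DIR"
}

main() {
    # Errors go to stderr so cron mails them to MAILTO.
    valid_key_id "$GPG_KEY" || { echo "GPG_KEY is not a key ID: $GPG_KEY" >&2; exit 1; }
    [ -r "$SSH_KEY" ] || { echo "SSH key not readable: $SSH_KEY" >&2; exit 1; }
    # Encrypts to the public key; restoring requires the backed-up private key.
    duplicity --encrypt-key "$GPG_KEY" \
        --ssh-options="-oIdentityFile=$SSH_KEY" \
        --full-if-older-than "$FULL_EVERY" \
        "$SOURCE_DIR" "$(target_url)"
}

# Run only when installed as duplicity_backup, so the functions can be
# sourced and checked separately.
case "$0" in
    */duplicity_backup|duplicity_backup) main ;;
esac
```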