I recently set up a backup solution for my Linux servers and I ended up going with Tarsnap for the cloud storage. I did this for a couple of reasons. The backup tool was built in the Unix fashion and does only the bare minimum of backup tasks, but it does them very well. All the data is also encrypted locally with your Key that NEVER sent to Tarsnap. That means that they can not decrypt your backups only you can, so make sure to backup your key. This is a trade off but one I was willing to make. The client is also Open source and you can compile it from source code if you would like.

Tarsnap acts very much like Tar. It creates a diff from the last backup, compresses, encrypts then uploads the data to the Tarsnap servers. you will need to use something like crontab and a shell script to automate the backups.

Pricing is also very good

  • Storage: 250 picodollars / byte-month($0.25 / GB-month)
  • Bandwidth: 250 picodollars / byte($0.25 / GB)

And for the crypto nerds like me Tarsnap uses 2048 bit RSA keys, AES 256 and SHA256 HMACs. Also server authentication is done with a RSA key distributed with the client. If you want more you can find all the details here.

Note: One word of warning if you are not comfortable with the Linux command line this is not a tool for you.

Setting up Tarsnap

First go to Tarsnap.com and set up an account. you will need to load at least $5 into your account to start using the service.

I set up Tarsnap to from as root so I will do this all as root.

sudo su
cd /root

There is a couple of dependencies to install.

apt-get install gcc libc6-dev make libssl-dev zlib1g-dev e2fslibs-dev

Then lest download the source files (see Tarsnap download for current path).

wget https://www.tarsnap.com/download/tarsnap-autoconf-1.0.36.1.tgz

Then extract the files and move into the new folder.

tar -xvf tarsnap-autoconf-1.0.36.1

cd tarsnap-autoconf-1.0.36.1

Next compile and install Tarsnap.

./configure
make all
make install

Next we need to configure Tarsnap. The sample .conf is pretty good and we will just use this.

cd /usr/local/etc/
cp tarsnap.conf.sample tarsnap.conf
cd /root

Next we will need to generate our encryption keys and connect to our account. (if you want to store the Key in a different location make sure you update tarsnap.conf)

tarsnap-keygen \
   –keyfile /root/tarsnap.key \
   –user me@example.com \
   –machine mybox

Now lets create our shell script to run backups.

/root/tarsnap-backup.sh

#!/bin/sh
/usr/local/bin/tarsnap -c \
   -f mybackup-date +%Y-%m-%d_%H-%M-%S \
   /PATH/TO/BACKUP

This is pretty simple just edit /PATH/TO/BACKUP to the folder you want backed up.

Now lets make this executable and run our first backup.

chmod u+x /root/tarsnap-backup.sh
/root/tarsnap-backup.sh

After this is complete you can verify the backup with

tarsnap –list-archives | sort

Now just add the .sh to crontab crontab -e and you have an automated backup solution.

There is a ton more documentation on the Tarsnap site so if you want to get into the details like adding exclusions to the backup take a look there.

Really make sure you BACKUP your key this is not going to do you a lot of good if you can’t decrypt your backup.