Poor Man’s Backup


We’re basically setting up a crontab with two components:


An alternative would be to use rsync remotely from a dedicated backup host. And there’s also:

As for database backups you might add a few mysqldumps to the script or eventually use Mydumper.


First, check that you can reach your FTP service e.g. Dedibackup auth based on MAC address (note the , and absence of a password afterwards), as long as you enable autologin


and eventually clean your shit up

#glob -a rm -r -f *

GPG v1 symmetric encryption

gpg --version | head -1 # v1 is fine
gpg --version | grep Cipher
echo lala | gpg --no-use-agent --symmetric --cipher-algo TWOFISH --passphrase 'KEY_HERE' --output lala.gpg
file lala.gpg
gpg --no-use-agent --decrypt --cipher-algo TWOFISH --passphrase 'KEY_HERE' < lala.gpg

OpenSSL symmetric encryption

openssl version
echo lala | openssl enc -aes-256-cbc -e -k 'LALA' -out lala.aes
file lala.aes
openssl enc -aes-256-cbc -d -k 'LALA' < lala.aes


Fetch the script templates as root, rename and set the executable bits

cd /root/bin/
wget http://pub.nethence.com/bin/backup.ksh.txt
wget http://pub.nethence.com/bin/backup.lst.txt
wget http://pub.nethence.com/bin/backup.upload.ksh.txt
cp backup.ksh.txt backup.ksh
cp backup.lst.txt backup.lst
cp backup.upload.ksh.txt backup.upload.ksh
chmod +x backup.ksh backup.upload.ksh

Tune a few variables

mkdir -p /data/backup/
vi backup.ksh


and keep a copy of the key some place outside the server you wanna backup. Also write down your FTP password that you get from the DediBackup console, as you will still be able to reach your backups through normal FTP login if needed from a remote site.

Tune what folders you want to backup,

vi backup.lst

Tune your FTP server/login/pass,

vi backup.upload.ksh



Check the diffs

diff -bu backup.ksh.txt backup.ksh    
diff -bu backup.upload.ksh.txt backup.upload.ksh    

Run a manual backup

time nice /root/bin/backup.ksh
top -b | grep gpg # multi-cores >100%
ll /data/backup/

then attempt to upload it

time nice /root/bin/backup.upload.ksh


Enable the shit every night as root,

crontab -e


0 3 * * * time nice /root/bin/backup.ksh && time nice /root/bin/backup.upload.ksh



lftp user credentials do not work with -e or -c https://unix.stackexchange.com/questions/469787/lftp-user-credentials-do-not-work-with-e-or-c


Encrypting and decrypting documents https://www.gnupg.org/gph/en/manual/x110.html

Symmetric Key Encryption with GnuPG http://www.savvyadmin.com/symmetric-key-encryption-with-gnupg/

GPG Encryption Guide - Part 4 (Symmetric Encryption) https://www.tutonics.com/2012/11/gpg-encryption-guide-part-4-symmetric.html

Home directory backup - The quick ‘n’ dirty guide https://www.dedoimedo.com/computers/linux-home-dir-backup-tar-gpg-guide.html

duplicity https://www.digitalocean.com/community/tutorials/how-to-use-duplicity-with-gpg-to-securely-automate-backups-on-ubuntu

Thread: gpg: gpg-agent is not available in this session https://ubuntuforums.org/showthread.php?t=1420156

gpg encrypt file without keyboard interaction [closed] https://stackoverflow.com/questions/9460140/gpg-encrypt-file-without-keyboard-interaction

How can I automate gpg decryption which uses a passphrase while keeping it secret? https://unix.stackexchange.com/questions/400772/how-can-i-automate-gpg-decryption-which-uses-a-passphrase-while-keeping-it-secre

Encrypt tar.gz file on create https://askubuntu.com/questions/95920/encrypt-tar-gz-file-on-create


How to password protect gzip files on the command line? https://superuser.com/questions/162624/how-to-password-protect-gzip-files-on-the-command-line

How to Encrypt and Decrypt Files and Directories Using Tar and OpenSSL https://www.tecmint.com/encrypt-decrypt-files-tar-openssl-linux/

How should I change encryption according to *** WARNING : deprecated key derivation used https://askubuntu.com/questions/1093591/how-should-i-change-encryption-according-to-warning-deprecated-key-derivat

Nethence | Pub | Lab | Pbraun | SNE Russia | xhtml