Secure backups in an untrusted cloud with duplicity

These days it’s quite easy to get incredible deals on shared hosting space. Mostly with dodgy providers in the US or former cyberlockers (like filesonic). They don’t give you SSH access, but only FTP. Rsync doesn’t work with FTP, but duplicity does. While not as robust and fast as rsync, it’s built to work with any service that can store files. Examples include any FTP-server, Amazon S3 and SFTP.

Many tutorials suggest using a GnuPG-key for asymetric encryption, but for only protecting your content from the hosting provider, a simple symetric password should work just as well and makes things easier. So a simple working example would be:

[cc lang=”bash” width=”100%” noborder=”1″ theme=”dawn”]

export PASSPHRASE=xxx
export FTP_PASSWORD=xxx
export SOURCE=$HOME
export TARGET=ftp://foo@bar.com/backups/machine

duplicity -v8 \
–exclude $HOME/’Library/Logs’ \
–exclude-regexp ‘\.DS_Store’ \
–exclude-regexp ‘^~\$.*’ \
$SOURCE $TARGET[/cc]

This works well on both Linux and Mac OSX machines. Extended options can be found on the duplicity man pages.