Creating Encrypted FTP Backups With duplicity And ftplicity On Debian Lenny

Version 1.0
Author: Falko Timme
Follow me on Twitter

When you rent a dedicated server nowadays, almost all providers give you FTP backup space for your server on one of the provider's backup systems. This tutorial shows how you can use duplicity and ftplicity to create encrypted (so that nobody with access to the backup server can read sensitive data in your backups) backups on the provider's remote backup server over FTP. ftplicity is a duplicity wrapper script (provided by the German computer magazine c't) that allows us to use duplicity without interaction (i.e., you do not have to type in any passwords).

I do not issue any guarantee that this will work for you!


1 Preliminary Note

In this tutorial I call the backup server where I have an FTP account with the username backupuser and the password secret. On my own server, I want to backup the directory /home/exampleuser.


2 Installing duplicity

First we make sure our system is up-to-date:

aptitude update
 aptitude safe-upgrade 

Then we install duplicity as follows:

aptitude install duplicity ncftp 


3 Our First Backup

Now let's do our first backup:

FTP_PASSWORD=secret duplicity /home/exampleuser ftp://[email protected]/

server2:/home/exampleuser# FTP_PASSWORD=secret duplicity /home/exampleuser ftp://[email protected]/
GnuPG passphrase:
Retype to confirm:
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1269961692.60 (Tue Mar 30 17:08:12 2010)
EndTime 1269961692.85 (Tue Mar 30 17:08:12 2010)
ElapsedTime 0.24 (0.24 seconds)
SourceFiles 44
SourceFileSize 1576302 (1.50 MB)
NewFiles 44
NewFileSize 1576302 (1.50 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 44
RawDeltaSize 727995 (711 KB)
TotalDestinationSizeChange 204486 (200 KB)
Errors 0


As you see you will be asked for a GnuPG passphrase. You can type in any password you like; this has to be done everytime you run duplicity. The backup will be encrypted with the help of GnuPG. Permissions and ownerships will be preserved in the backup.

To create the backup in a subdirectory on the backup server, you'd modify the command as follows:

FTP_PASSWORD=secret duplicity /home/exampleuser ftp://[email protected]/subdirectory

When you run duplicity for the first time, it will create a full backup; afterwards, it creates incremental backups. To force the creation of a full backup again, you can use the full switch:

FTP_PASSWORD=secret duplicity full /home/exampleuser ftp://[email protected]/

To exclude a directory from the backup, e.g. /home/exampleuser/tmp, you can use the --exclude switch:

FTP_PASSWORD=secret duplicity --exclude /home/exampleuser/tmp /home/exampleuser ftp://[email protected]/

If you are backing up the root directory /, remember to --exclude /proc, or else duplicity will probably crash.

To learn more about the available duplicity options, take a look at

man duplicity


4 Restore A Backup

Now let's assume we have deleted everything in /home/exampleuser and want to restore it from our FTP backup. This is how it's done:

FTP_PASSWORD=secret duplicity ftp://[email protected]/ /home/exampleuser

Please note that in this case the remote location comes before to local folder!

Share this page:

Suggested articles

4 Comment(s)

Add comment


By: Anonymous

ftplicity wont work with the newer version of duplicity

 [email protected] / # ftplicity backup
There has been a fatal error:
  Unsupported duplicity version 0.6.08b. 0.4.11 is recommended.

By: Jims ftp storage

Making sure your system is up to date first is vital for avoiding compatibility issues and a few bugs/annoyances later on. Trust me, I've been there!

By: Maik Holtkamp

I modified the script (which ftplicity), as follows:

line 36:

to set the squeeze Version as recommended.

line 249:


to make sure the actual version of duplicty would not hit by the following case:

        error "$(getstr DuplVersUnsup)"

Seems to work. HTH

By: Maik Holtkamp

Sorry, but some hours later I have to admit:

If this error comes up because you updated lenny to squeeze, don't follow above given workaround, even if it works!

Squeeze offers duply the advancment of ftplicity. It will work with the duplicitiy version that comes with squeeze without any hacks, of course. One major difference is that duply offers so called profiles, so you can create and use different configs if you have different tasks. If you don't need it just create a default profile by whatsoever name, let's say foobar. Then do:

# apt-get install duply
# duply create foobar
# for i in ~/.duply/foobar/*; do mv $i ~/.duply/foobar/$i.original; done
# mv ~/.ftplicity/* ~/.duply/foobar/
# duply foobar backup

If you are using cronjobs or wraper scripts make sure to do a

s/ftplicity/duply foobar/g

on them. Have a look at the man page, there are quite some improvments made for duply e.g. PRE/POST run scripting.

Last not least one more general hint:

Bevore starting hacking scripts you hardly understand, just consult your $DISTRIBUTION_TOOLS:

# apt-cache search ftplicity
duply - easy to use frontend to the duplicity backup system