Creating Encrypted FTP Backups With duplicity And ftplicity On Debian Lenny

Version 1.0
Author: Falko Timme
Follow me on Twitter

When you rent a dedicated server nowadays, almost all providers give you FTP backup space for your server on one of the provider's backup systems. This tutorial shows how you can use duplicity and ftplicity to create encrypted (so that nobody with access to the backup server can read sensitive data in your backups) backups on the provider's remote backup server over FTP. ftplicity is a duplicity wrapper script (provided by the German computer magazine c't) that allows us to use duplicity without interaction (i.e., you do not have to type in any passwords).

I do not issue any guarantee that this will work for you!


1 Preliminary Note

In this tutorial I call the backup server where I have an FTP account with the username backupuser and the password secret. On my own server, I want to backup the directory /home/exampleuser.


2 Installing duplicity

First we make sure our system is up-to-date:

aptitude update
aptitude safe-upgrade

Then we install duplicity as follows:

aptitude install duplicity ncftp


3 Our First Backup

Now let's do our first backup:

FTP_PASSWORD=secret duplicity /home/exampleuser ftp://[email protected]/
server2:/home/exampleuser# FTP_PASSWORD=secret duplicity /home/exampleuser ftp://[email protected]/
GnuPG passphrase:
Retype to confirm:
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1269961692.60 (Tue Mar 30 17:08:12 2010)
EndTime 1269961692.85 (Tue Mar 30 17:08:12 2010)
ElapsedTime 0.24 (0.24 seconds)
SourceFiles 44
SourceFileSize 1576302 (1.50 MB)
NewFiles 44
NewFileSize 1576302 (1.50 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 44
RawDeltaSize 727995 (711 KB)
TotalDestinationSizeChange 204486 (200 KB)
Errors 0

As you see you will be asked for a GnuPG passphrase. You can type in any password you like; this has to be done everytime you run duplicity. The backup will be encrypted with the help of GnuPG. Permissions and ownerships will be preserved in the backup.

To create the backup in a subdirectory on the backup server, you'd modify the command as follows:

FTP_PASSWORD=secret duplicity /home/exampleuser ftp://[email protected]/subdirectory

When you run duplicity for the first time, it will create a full backup; afterwards, it creates incremental backups. To force the creation of a full backup again, you can use the full switch:

FTP_PASSWORD=secret duplicity full /home/exampleuser ftp://[email protected]/

To exclude a directory from the backup, e.g. /home/exampleuser/tmp, you can use the --exclude switch:

FTP_PASSWORD=secret duplicity --exclude /home/exampleuser/tmp /home/exampleuser ftp://[email protected]/

If you are backing up the root directory /, remember to --exclude /proc, or else duplicity will probably crash.

To learn more about the available duplicity options, take a look at

man duplicity


4 Restore A Backup

Now let's assume we have deleted everything in /home/exampleuser and want to restore it from our FTP backup. This is how it's done:

FTP_PASSWORD=secret duplicity ftp://[email protected]/ /home/exampleuser

Please note that in this case the remote location comes before to local folder!

Share this page:

4 Comment(s)