Automated Backups With rdiff-backup - Page 2

Step 3: Edit The Public Key On

Log in as root on and have a look at /root/.ssh/authorized_keys. It should look similar to this:

ssh-rsa AAAAB3Nza[...]W1go9M= [email protected]

Now prepend the following string to /root/.ssh/authorized_keys:

command="rdiff-backup --server --restrict-read-only /",from="",no-port-forwarding,no-X11-forwarding,no-pty

It must be on one line(!) with the key, separated only by a space:

command="rdiff-backup --server --restrict-read-only /",from="",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3Nza[...]W1go9M= [email protected]

This will run the command rdiff-backup --server --restrict-read-only / when the user rdiff-backup from connects to over SSH. --restrict-read-only / makes sure that rdiff-backup has only read access on It depends on your rdiff-backup version if this works. If this does not work for you, you can leave out --restrict-read-only / (the key can then also write through rdiff-backup, not only read), so that it reads:

command="rdiff-backup --server",from="",no-port-forwarding,no-X11-forwarding,no-pty

In from="" you should use the hostname that a reverse lookup of's IP address returns. For example, if's IP address is, and

dig -x


[email protected]:~$ dig -x

; <> DiG 9.2.4 <> -x
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38020
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;      IN      PTR

;; ANSWER SECTION: 43200 IN      PTR

;; Query time: 118 msec
;; WHEN: Thu Oct 13 14:56:03 2005
;; MSG SIZE  rcvd: 83

[email protected]:~$

then you should use

command="rdiff-backup --server --restrict-read-only /",from="",no-port-forwarding,no-X11-forwarding,no-pty

You can as well use's IP address:

command="rdiff-backup --server --restrict-read-only /",from="",no-port-forwarding,no-X11-forwarding,no-pty

Next run

chmod -R go-rwx /root/.ssh

Then have a look at /etc/ssh/sshd_config. It should contain the lines

RSAAuthentication yes
PubkeyAuthentication yes

Restart ssh if you had to change /etc/ssh/sshd_config:

/etc/init.d/ssh restart
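
The entry built in Step 3 can be checked mechanically. The following Python sketch is an added example, not part of the original tutorial or of rdiff-backup: it parses the options field of authorized_keys lines (quoted values may contain spaces and commas) and reports entries that lack the forced command, a non-empty from=, or the no-* flags. The sample lines, the host name backup.example.test and the key blobs are constructed placeholders.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes that start the key-type field
REQUIRED = ("no-port-forwarding", "no-x11-forwarding", "no-pty")
OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?,?')

def split_options(line):
    """Return (options dict, rest of line). Values are double-quoted and may
    hold spaces and commas, so a naive split() on either is wrong."""
    opts, i = {}, 0
    if line.startswith(KEY_TYPES):          # no options field at all
        return opts, line
    while i < len(line) and line[i] not in " \t":
        m = OPT.match(line, i)
        if not m:
            raise ValueError("malformed options near %r" % line[i:i + 20])
        # option names are case-insensitive; flags without a value map to True
        opts[m.group(1).lower()] = True if m.group(2) is None else m.group(2)
        i = m.end()
    return opts, line[i:].strip()

def audit_line(line):
    """Findings for one key line; an empty list means it matches Step 3."""
    opts, _ = split_options(line.strip())
    findings = []
    cmd, src = opts.get("command"), opts.get("from")
    if not isinstance(cmd, str) or not cmd.startswith("rdiff-backup --server"):
        findings.append("no forced rdiff-backup --server command")
    elif "--restrict-read-only" not in cmd:
        findings.append("forced command lacks --restrict-read-only")
    if not isinstance(src, str) or not src.strip():
        findings.append("from= missing or empty")
    # "restrict" (OpenSSH 7.2+) switches off forwarding and pty in one option
    missing = [] if "restrict" in opts else [f for f in REQUIRED if f not in opts]
    if missing:
        findings.append("missing flags: " + ", ".join(missing))
    return findings

# Constructed sample: key blobs and host names are placeholders.
SAMPLE = '''\
command="rdiff-backup --server --restrict-read-only /",from="backup.example.test",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaPLACEHOLDER rdiff-backup@backup
command="rdiff-backup --server",from="",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaPLACEHOLDER rdiff-backup@backup
ssh-rsa AAAAB3NzaPLACEHOLDER admin@laptop
'''

def audit(text):
    """Map 1-based line number to findings for every non-comment line."""
    return {n: audit_line(l) for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#")}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real file, pass the contents of /root/.ssh/authorized_keys to audit() instead of SAMPLE.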

Step 4: Test rdiff-backup On

Back on, again as the user rdiff-backup, we test the backup:

cd /backup
rdiff-backup server1_backup::/boot boot

In the second command you see the string server1_backup. That is the string we used in /backup/.ssh/config after host. With this second command, the user rdiff-backup will connect to as the root user and save the directory /boot of to the directory /backup/boot on If you see that it is working and you do not have to type in a password, then - congratulations! You did it!

Now all that is left to do is to create a cron job. Still as user rdiff-backup, run

crontab -e

and create a cron job like this:

40 2 * * * /usr/bin/rdiff-backup --exclude /tmp --exclude /mnt --exclude /proc --exclude /dev --exclude /cdrom --exclude /floppy server1_backup::/ /backup/server1

This runs the backup every night at 2.40h, saving the directory / with all subdirectories (excluding /tmp, /mnt, /proc, /dev, /cdrom, /floppy) of in /backup/server1 on

(Note (a little off-topic): on Debian Sarge crontab -e will automatically open the editor nano. If you are used to working with the editor vi (like me), run the following commands:

rm -f /etc/alternatives/editor
ln -s /usr/bin/vi /etc/alternatives/editor

Afterwards, run crontab -e, and vi will come up.)

To find out more about rdiff-backup commands (especially how to restore a backup), run

man rdiff-backup

and have a look at


rdiff-backup Homepage:

rdiff-backup Examples:

5 Comment(s)


From: Anonymous

rm -f /etc/alternatives/editor
ln -s /usr/bin/vi /etc/alternatives/editor

 this broke my crontab

 fixed with:  export EDITOR=vi && crontab -e


I'm working on a start script which can be run in the crontab fields for rdiff-backup. It will initiate the backup and send an email with result to a pre-defined person.

I would also suggest that anyone who runs rdiff-backup also add --exclude /sys to their crontabs/rdiff-backup commands as sysfs is often mounted on /sys and has no point to be backed up. Takes a lot of extra time to process files which are changed during runtime.

There are more of these directories and files which you can block out to improve performance. But it's the same reason why you don't back up /proc for all of them.

From: Anonymous

ssh-keygen -t rsa
# hit return three times

ssh-copy-id -i ~/.ssh/ [email protected]_host
# enter your password for username on remote_host

cat > /etc/cron.daily/remote_backup
rsync -e 'ssh -p 22' -avzp /some/dir remote_host:/var/backups/some_host

chmod +x /etc/cron.daily/remote_backup

ssh [email protected]_host mkdir /var/backups/some_host

From: Kim N. Lesmer

When you use rdiff-backup to back up from a local machine to a remote host, rdiff-backup has to be installed on both systems, and it has to be the same version or at least no major changes must appear between the versions.


If your has sshd on a different port than 22, e.g. 1234, then you have to make additional changes on server

Add extra line to /backup/.ssh/config: port 1234

You should also use ssh-copy-id -p 1234 -i ~/.ssh/ [email protected] instead of ssh-copy-id -i ~/.ssh/ [email protected]

Sometimes the above doesn't work, so you have to edit, as root, the file ssh-copy-id (located at /usr/bin/ssh-copy-id) around line 41:

 { eval "$GET_ID" ; } | ssh -p 1234 $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1