Automated Backups With rdiff-backup - Page 2

Step 3: Edit The Public Key On

Log in as root on and have a look at /root/.ssh/authorized_keys. It should look similar to this:

ssh-rsa AAAAB3Nza[...]W1go9M= rdiff-backup@backup

Now prepend the following string to /root/.ssh/authorized_keys:

command="rdiff-backup --server --restrict-read-only /",from="",no-port-forwarding,no-X11-forwarding,no-pty

It must be on one line(!) with the key, separated only by a space:

command="rdiff-backup --server --restrict-read-only /",from="",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3Nza[...]W1go9M= rdiff-backup@backup

This will run the command rdiff-backup --server --restrict-read-only / when the user rdiff-backup from connects to over SSH. --restrict-read-only / makes sure that rdiff-backup has only read access on It depends on your rdiff-backup version if this works. If this does not work for you, you can leave out --restrict-read-only / (rdiff-backup is then no longer limited to read access) so that it reads

command="rdiff-backup --server",from="",no-port-forwarding,no-X11-forwarding,no-pty

In from="" you should use the hostname that a reverse lookup of's IP address returns. For example, if's IP address is, and

dig -x


rdiff-backup@backup:~$ dig -x

; <<>> DiG 9.2.4 <<>> -x
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38020
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;      IN      PTR

;; ANSWER SECTION: 43200 IN      PTR

;; Query time: 118 msec
;; WHEN: Thu Oct 13 14:56:03 2005
;; MSG SIZE  rcvd: 83


then you should use

command="rdiff-backup --server --restrict-read-only /",from="",no-port-forwarding,no-X11-forwarding,no-pty

You can as well use's IP address:

command="rdiff-backup --server --restrict-read-only /",from="",no-port-forwarding,no-X11-forwarding,no-pty

Next run

chmod -R go-rwx /root/.ssh

Then have a look at /etc/ssh/sshd_config. It should contain the lines

RSAAuthentication yes
PubkeyAuthentication yes

Restart ssh if you had to change /etc/ssh/sshd_config:

/etc/init.d/ssh restart
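
One way to check the result of Step 3, as an added example that is not part of the original article: a shell function that audits each authorized_keys entry for the forced rdiff-backup command, a filled-in from=, and the three no-* options. The key material and the host name backup.example.com are constructed placeholders, and the function names are hypothetical.

```sh
# Added example, not from the original article. Key material and host names
# below are constructed placeholders.
KEYTYPE_RE='(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)'

# audit_key_line LINE: print "ok", or the findings for one authorized_keys entry.
audit_key_line() {
    line=$1; findings=""
    # Entry starts with the key type: no options, so no restrictions at all.
    if printf '%s\n' "$line" | grep -Eq "^$KEYTYPE_RE "; then echo "no-options"; return 1; fi
    # Option field = everything before " <keytype> <base64 blob>".
    opts=$(printf '%s\n' "$line" | sed -E "s/ $KEYTYPE_RE AAAA.*\$//")
    # Drop quoted values so only option names remain (sshd ignores their case).
    names=",$(printf '%s' "$opts" | sed -E 's/"[^"]*"//g' | tr 'A-Z' 'a-z'),"
    for opt in no-port-forwarding no-x11-forwarding no-pty; do
        case $names in *",$opt,"*) ;; *) findings="$findings missing:$opt" ;; esac
    done
    case $opts in *'command="rdiff-backup --server'*) ;; *) findings="$findings missing:forced-command" ;; esac
    case $opts in
        *'from=""'*) findings="$findings empty:from" ;;   # host not filled in
        *'from="'*) ;;
        *) findings="$findings missing:from" ;;
    esac
    # Without --restrict-read-only the forced command is not limited to reads.
    case $opts in *--restrict-read-only*) ;; *) findings="$findings no-restrict-read-only" ;; esac
    [ -z "$findings" ] && { echo ok; return 0; }
    echo "${findings# }"; return 1
}

# audit_keys: read authorized_keys on stdin, print "lineno: findings" per bad entry.
audit_keys() {
    n=0; bad=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        case $l in ''|'#'*) continue ;; esac
        r=$(audit_key_line "$l") || { echo "$n: $r"; bad=1; }
    done
    return $bad
}

sample_keys() {   # constructed entries: restricted, partly restricted, unrestricted
cat <<'EOF'
command="rdiff-backup --server --restrict-read-only /",from="backup.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EXAMPLE rdiff-backup@backup
command="rdiff-backup --server",from="",no-port-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EXAMPLE rdiff-backup@backup
ssh-rsa AAAAB3NzaC1yc2EXAMPLE rdiff-backup@backup
EOF
}
sample_keys | audit_keys || true
```

To audit a real file, feed it on standard input: audit_keys < /root/.ssh/authorized_keys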

Step 4: Test rdiff-backup On

Back on, again as the user rdiff-backup, we test the backup:

cd /backup
rdiff-backup server1_backup::/boot boot

In the second command you see the string server1_backup. That is the string we used in /backup/.ssh/config after host. With this second command, the user rdiff-backup will connect to as the root user and save the directory /boot of to the directory /backup/boot on If you see that it is working and you do not have to type in a password, then - congratulations! You did it!

Now all there is left to do is to create a cron job. Still as user rdiff-backup, run

crontab -e

and create a cron job like this:

40 2 * * * /usr/bin/rdiff-backup --exclude /tmp --exclude /mnt --exclude /proc --exclude /dev --exclude /cdrom --exclude /floppy server1_backup::/ /backup/server1

This runs the backup every night at 2.40h, saving the directory / with all subdirectories (excluding /tmp, /mnt, /proc, /dev, /cdrom, /floppy) of in /backup/server1 on

(Note (a little off-topic): on Debian Sarge crontab -e will automatically open the editor nano. If you are used to working with the editor vi (like me), run the following commands:

rm -f /etc/alternatives/editor
ln -s /usr/bin/vi /etc/alternatives/editor

Afterwards, run crontab -e, and vi will come up.)

To find out more rdiff-backup commands (especially how to restore a backup), run

man rdiff-backup

and have a look at


rdiff-backup Homepage:

rdiff-backup Examples:


12 Comment(s)



From: Anonymous at: 2005-11-30 16:16:17

Hi guys

When I try to run this command

ssh-copy-id -i ~/.ssh/

I am getting the following error

main1:/backup$ ssh-copy-id -i .ssh/
ssh: Name or service not known

Can someone help me with this?

From: Anonymous at: 2006-02-20 17:52:50

Things like are simply examples. You have to use your own server names.

From: at: 2007-07-20 17:41:49

Try (for example):

ssh-copy-id -i .ssh/

From: at: 2007-01-18 03:47:43

I have lots of data that will be backed up across servers and I don't want this affecting the performance of my websites and stuff I have happening specifically on other nic devices so is it possible to specify which nic I want to do the backups on?

 It would be nice to add a brief description on how to do this in your article.

From: at: 2008-01-21 23:26:03

If you're going to do Linux backups and you want them to be trustworthy, you should really read the following article on reliable Linux backups: How to backup Linux, BSD and other Unix-like systems properly

In this article, the author (a good buddy of mine) describes at great length the dos and don'ts of backing up Unix-like systems. He also goes into great detail about the advantages and disadvantages of various backup methods, so that you will be able to estimate whether you're better off with rdiff-backup/rsync or something like Dar.

Read it. It will almost inevitably make you consider something you've never considered before. It did me. 

From: Anonymous at: 2009-06-06 19:43:32

Re Step1

Do you really need to install rdiff-backup on both machines?

Why not just the backupserver?

From: Huzoor Bux at: 2012-01-11 06:37:46

I have 4 servers and I need to make a backup of all these servers on my backup server. Please tell me whether this is possible, and if so, how I can manage the /backup/.ssh/config file.

 Thanks in Advance.. :)

From: Anonymous at: 2006-07-21 13:24:00

rm -f /etc/alternatives/editor
ln -s /usr/bin/vi /etc/alternatives/editor

 this broke my crontab

 fixed with:  export EDITOR=vi && crontab -e

From: at: 2008-02-18 13:55:24

I'm working on a start script which can be run in the crontab fields for rdiff-backup. It will initiate the backup and send an email with result to a pre-defined person.

I would also suggest that anyone who runs rdiff-backup also add --exclude /sys to their crontabs/rdiff-backup commands, as sysfs is often mounted on /sys and there is no point in backing it up. It takes a lot of extra time to process files which are changed during runtime.

There are more of these directories and files which you can block out to improve performance. But it's the same reason why you don't backup /proc for all of them.

From: Anonymous at: 2006-08-22 16:38:12

ssh-keygen -t rsa
# hit return three times

ssh-copy-id -i ~/.ssh/ username@remote_host
# enter your password for username on remote_host

cat > /etc/cron.daily/remote_backup <<'EOF'
#!/bin/sh
rsync -e 'ssh -p 22' -avzp /some/dir remote_host:/var/backups/some_host
EOF

chmod +x /etc/cron.daily/remote_backup

ssh username@remote_host mkdir /var/backups/some_host

From: Kim N. Lesmer at: 2008-10-30 00:21:34

When you use rdiff-backup to backup from a local machine to a remote host, rdiff-backup has to be installed on both systems, and it has to be the same version or at least no major changes must appear between the versions.

From: at: 2010-12-28 11:54:00

If your has sshd on a different port than 22, e.g. 1234, then you have to make additional changes on server

Add extra line to /backup/.ssh/config: port 1234

You should also use ssh-copy-id -p 1234 -i ~/.ssh/ instead of ssh-copy-id -i ~/.ssh/

Sometimes the above doesn't work, so you have to edit, as root, the file ssh-copy-id (located at /usr/bin/ssh-copy-id) around line 41:

 { eval "$GET_ID" ; } | ssh -p 1234 $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1