Remote Backup Across the Internet Using rsync and SSH


There's a time for everything, for everyone. So does there's a time when server crashes and your data gone. Off course, that's happened if you don't have any backup.

It's always considered best practice to backup our precious data. As for websites, most important data could be public web directory where the application resides and the database from your website. We'll cover how to do backup from one server to another one.

Before getting started, you'll need these packages installed:

  1. rsync
  2. openssh
  3. cron

Please note these solution might be specific for Linux, some modification or command line parameters might need to be adjusted for another *NIX OS. As always, if in doubt, RTFM.


  • BACKUP_HOST - The server where you want to store your backup files
  • BACKUP_PASS - Password for BACKUP_USER
  • REMOTE_HOST - The server with the files to be backed up
  • REMOTE_PASS - Password for REMOTE_USER

Initial Testing

Initial testing to make sure everything is installed, issue this command on your terminal (BACKUP_HOST)

$ rsync -avz -e ssh REMOTE_USER@REMOTE_HOST:/directory/to/be/backed/up /backup/directory/on/backup/host

If everything went well, you should see the screen will be scrolled up and on the last line it displays something similar like this (with different number, off-course):

sent 44264 bytes  received 14880872 bytes  663339.38 bytes/sec
total size is 22964887  speedup is 1.54

Backup Node Configuration

Next step is to generate a private/public key pair to allow ssh connection without asking password. This might seems dangerous, which actually it is, but it still considered as better solution than storing a clear text password somewhere in the script. This method could be secured further by limiting on where connections made with this key can come from and what could be done when connected. Here's how to generate the key:

$ ssh-keygen -t rsa -b 2048 -f backup-rsync-key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in backup-rsync-key.
Your public key has been saved in
The key fingerprint is:
0e:98:aa:92:a5:58:03:e0:57:c2:44:bd:ad:62:e7:50 [email protected]
The key's randomart image is:

Please note: Make sure no other user could read the private key, it's the one without the *.pub extension.

To make this key works, put the public key into the 'authorized_keys' file on REMOTE_HOST for REMOTE_USER:


You can use SCP to put the file to REMOTE_HOST


Remote Host Configuration

It's time to move forward with remote host configuration. Make sure you have the directory and files you need to authorize with this key.

$ if [ ! -d .ssh ]; then mkdir .ssh ; chmod 700 .ssh ; fi$ mv .ssh/
$ cd .ssh
$ if [ ! -f authorized_keys ]; then touch authorized_keys ; chmod 600 authorized_keys ; fi
$ cat >> authorized_keys

As previously noted that this key would allow connections from everywhere, edit the 'authorized_keys' file and modify the line with '' information on it. Example, this line:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAswfrVqbshLnGrzK58Bo/h8rSvotk8cdRYoLddqP6UVgh3g9s9Zpq3

should be changed like this:

from="",command="/home/REMOTE_USER/automatic/validate-rsync" ssh-rsa AAAAB3NzaC1y
Ww== [email protected]

Where the should be changed with your BACKUP_HOST ipv4, and '/home/REMOTE_USER/automatic/validate-rsync' file contains:


echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
echo "Rejected"
rsync\ --server*)
echo "Rejected"

Note: Make sure the '/home/REMOTE_USER/automatic/validate-rsync' script is executable by REMOTE_USER on REMOTE_HOST and test it.

Final Testing and Make it Runs on Regular Basis

Now it's the time to test it. Issue this command:

$ rsync -avz -e "ssh -i /home/BACKUP_USER/backup-rsync-key" REMOTE_USER@REMOTE_HOST:/directory/to/be/backed/up /backup/directory/on/backup/host

If above command returns something like this:

receiving incremental file list

sent 420 bytes  received 70710 bytes  10943.08 bytes/sec
total size is 22964887  speedup is 322.86

Then it means all steps were done correctly and a cron script could be added. I use this bash script, store it to '/home/BACKUP_USER/rsync-REMOTE_HOST-backups' and put it on cron task:




Crontab to schedule it everyday at 2:00AM:

0 2 * * * /home/BACKUP_USER/rsync-REMOTE_HOST-backups 

Note: To make sure the script runs correctly, you can test run it using ./rsync-REMOTE_HOST-backups

Final Words

Well, that's it. I hope that you now know how to backup your server remotely accross the internet using rsync and SSH. If you run into any issues or have any feedback feel free to drop a comment below.



0 comment

Leave a reply

Your email address will not be published. Required fields are marked *