Setup backup with Borg

Borgbackup is a powerful open source tool written in python. These lines were wrote with the help of official doc Borgmatic is a python wrapper know to use a yaml config file We will not use it today.

Let’s start with basic on client side

bob@linuxlaptop:~$ sudo apt update && sudo apt upgrade -y

Install borgbackup

bob@linuxlaptop:~$ sudo apt install borgbackup

Generate a new ssh key

bob@linuxlaptop:~$ ssh-keygen -t ed25519 -C "borgKeyBackup" -f borgSshKey
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in borgSshKey
Your public key has been saved in

Make sure keys have strict permissions:

bob@linuxlaptop:~/.ssh$ ls -lh b*
-rw------- 1 bob bob 399  1 févr. 21:30 borgSshKey
-rw------- 1 bob bob  95  1 févr. 21:30

Add you public key to borg server$ grep borg authorized_keys 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDV8+S0vkINs9t9EUnlatD/i9lHan1WhCf3CB649rFXo borgKeyBackup

Init the repository

bob@linuxlaptop:~$ borg init --encryption=repokey ssh://
Enter new passphrase: 
Enter same passphrase again: 
keep you passphrase safe with tools like keepass.

Also export borg key as an ready to import file for recovery on another server if needed. Trust me you will be happy to have done this step while attempt to restoring backup.

bob@linuxlaptop:~$ borg key export --paper ssh:// | tee exportedBorgKey.key
To restore key use borg key import --paper ssh://

and also in html:

borg key export --qr-html ssh:// exportedBorgKey.html

Run backup

Here a minimal bash script to put in a cron/systemdTimer


export BORG_REPO="ssh://"
export BORG_PASSPHRASE='oodiechueT0Sahchoh3ieNohd6wia4pCHANGEME'
borg create --stats --verbose --progress --compression zstd,10 ssh://"$(hostname)--$(date +%A-%C-%B-%Y_%H:%M)" /home/bob