Skip to main content

Efficiently backup your server – Rsnapshot

Backup are often overlooked or set in “Procrastination” mode (I’ll do it tomorrow…) but it is probably one of the most important task you need to do it, and do it right.

When a failure or hack happen, no one want to loose all its work (Hundreds articles written? Super important files? etc…).

I think we have to differentiate RAID and Backup system.

For me, a RAID system is not for backup, but for availability. If you got an issue, you can quickly rebuild the system. But if a bad copy is shared to all your drives through your RAID, well it’s too late.

The most popular way to back up a server is probably through RSYNC (file synchronization and file transfer program). Very simple to use, it will only transfer files if there is a difference (New files? modified files? Deleted files?, etc…). It can then save a lot of bandwidth, better than simply copy everything again and again.

I’ve been using Rsync for years for my backup system, but decided to change over Rsnapshot, mainly because of the lack (or not efficient) versioning. I used to create a script to keep 7 days back up of my MySQL databases and websites and an additional copy every month. But my backup folder started to explode after few months, so I had to delete the old one manually to free up some space.
Rsnapshot can actually fix it, that’s way I’ve decided to use it instead.Rsnapshot is an open source backup software written in Perl, that uses Rsync and SSH to create incremental backups.

The differences of backup are kept with hardlinks (Keep only 1 version of the file).You can set up rotative backups on a daily, weekly and monthly basis while backups can be from a local or a remote filesystem (Through SSH).

Let’s see how to use it.


Simply run in root (or with sudo)


Rsnapshot configuration

  • Local Backup

1) Create a specific folder to keep all backups

In my case, I have a SSD for the system and 1 HDD for big files. So I’ll back up all the important stuff from the SSD on my HDD.

2) Configure the /etc/rsnapshot.conf file

and configure:

– snapshot_root (Where to store your backups)

– Backup Intervals

Although the default settings are enough, you could modify this part to add a monthly backup for example.

Hourly 6, means you keep 6 copies of the hourly backup (So one every 4 hours)

Daily 7 means you keep 7 copies of the daily backup (So one every day)

You can uncomment the

(It’s not space it’s TAB between the values)

if you want monthly backup too.

– Local directories

Setup the folder your want to backup using the following syntax:

In my case I will backup my /home and /var/www.

Note that the path must finish by /

– MySQL databases

You will need the mysql-client to be installed in order to use mysqldump.

Then create a simple script in your /home/user/

and paste:

(replace the user/password)

and in the /etc/rsnapshot.conf at the localhost local directories, add:

(Still use TAB, not space, between the values)

3) Test the configuration

4) Run it

Give it a try by running

5) Set up cron tasks for the automatic back up

By default, rsnapshot comes with cron file under “/etc/cron.d/rsnapshot“ but are commented.

Simply uncomment them to enable hourly, daily, weekly and monthly backup.

The first line, will run every 4 hours the hourly backup. Rsnapshot will create the hourly directory and based on your configuration will keep “n” copies.

The second line will run daily at 3:30am and will create the daily directory.

The third will run the weekly backup every Monday at 3:00am

The forth will run the monthly backup at 2:30am.


  • Remote Backup

If you want to remotely backup another server/machine, here are the additional steps:

1) Create a SSH Password-less Login for the remote machine

On your local server, you will first need to create a RSA SSH key, simply run:

and leave the password empty.

Then, add your public SSH key to the authorized keys on your remote machine.

Still using the terminal of your local server, run:

If you have a message about the authenticity of the host, just say yes.

It will then ask you the user password you mentioned on the command. Once enter, it will add your SSH key automatically to the authorized keys.

Simply give it a try by running

2) Modify the /etc/rsnapshot.conf

– Enable remote backup over SSH:

Find and uncomment the line

– Change SSH port if needed

If your SSH port is not the default 22, you can change it at the line:

– Set the remote directories

At the end of the file you can add something similar:

to copy the remote host’s home under the folder ‘MyRemoteHost’ that will be created on your local backup folder.

If you want to backup your remote MySQL databases, similar than local one, you can create a script to dump the databases, or directly set the command inside the /etc/rsnapshot.conf such as:

As you can see, it needs to be broken in 2 parts, the first will run mysqldump on the remote host and we will use a “Unused” folder to avoid conflicts with others “used” folder like mysql in the second command. This will avoid the error:

The second command will simply copy the mysqldump.sql file to your local backup folder.

3) Give it a try

You can manually run the first backup to give it a shot:

or for some verbose, simply add -v


You should now have a working and proper backup system. Obviously you will still need to make some others copies on different supports/locations to minimize the risk of loosing your data.

If any question or unclarity, please let me know

OpenSSH – Remote access to your server in command line

To control your server (Most probably headless, with no keyboard and mouse attached), you can use SSH (Secure Shell) Protocol.

Hence, here is how to install it and improve the security of this service.

OpenSSH logo


Yep, that’s all !



If you are using Windows, I suggest you to use the software called Putty.
You will just need to enter the local IP of your server.
And on GNU/Linux, just type:
Replace admin by the user you have created during the OS’ installation, and 192.168.0.IP by the IP of your machine. It will ask you your user’s password. Type it. (No character will be shown).

If you don’t know the IP of your server, type the following command on your server to get your IP. It should be something like 192.168.x.x:

And now you shoud be connected !


You could do few things to improve the security of SSH on your server for example:

1) Create and use DSA key instead of simple password

To improve your security, the main step is to use encryption keys + password.

– On the client, (not the server), create a couple of DSA key. (Public and private)
As your regular user, type:
– Save the key where you wish to

– And enter a STRONG password

It will create a couple of keys of which the “” will need to be added into the accepted keys of your server.

Still on the client, type:
/home/YOURUSER/.ssh/ being where you saved your previously generated key.

It will automatically load your key in the authorized_keys file of your server.

Now that your key is accepted, we will only authorized this authentication method and remove the password-only way.

We will configure the ssh daemon to do so.

On the server side, type:

and uncomment (remove the #) the line

Save. (CTRL + X, then Y and press Enter)


2) Change default port number

22 is the default port number of SSH, however, most cracking attacks come from automated scripts that scan the net for ssh daemons and attempt to break in, usually on the default port, ie 22.

Hence, changing the default port number reduce greatly this risk (But do not reduce the risk of a real hacker to get in tho)

Still in sshd_config,

change the line

by the port you want.

But don’t forget to open this new port into your router.


3) Forbid direct ROOT access

By forbidden to connect to your server using root directly, this could improve a little bit the security of your server. Obviously you will still be able to use sudo/su command.

Find the line

and change by

4) Reduce LoginGraceTime

To avoid keeping a login attempt open too long, you could reduce down the LoginGraceTime

Find the line

And change it by something like

(It uses second as metric)

But be careful not to set it too low as one day you may want to access it from a long distance or poor connection with high latency.


5) Only allow specific username

You could only allow specific usernames to access to your SSH. If you want to do so, modify/add the line


6) Add Banner Message

How about adding a small banner message to display


Create your message in /etc/

And write what you want like:

and in sshd_config uncomment/modify the line


And don’t forget to restart the daemon after your changes:


Obviously, this won’t be perfect, but should help to increase a bit the security of your SSH service.

And you, how do you configure your SSH Daemon?