Tarsnap: Online Backups for Security Conscious Geeks
by Jim Mendenhall
Tags: Linux, Ubuntu, Backup
Tarsnap is an online backup service written and run by Dr. Colin Percival, the FreeBSD Security Officer. The service is aimed at true UNIX geeks who want secure online backups and are familiar with things like GPG keys, compiling source code, bash scripts and cron jobs. It is built for the “truly paranoid” and encrypts all your data before it leaves your computer. It’s a great alternative for those who don’t trust their data to other services such as Mozy and Dropbox.
The installation instructions are just incomplete enough to make even seasoned Linux users do some quick google searches to fill in the gaps. To help you along, I’ve included my own instructions for installing Tarsnap on Ubuntu below. If you manage to get everything installed, the rest of the process should be pretty easy and even fun.
Signing up for an account and adding money via PayPal was simple and painless. You need to add at least $5.00 to your account to get started as Tarsnap is a prepaid service. Storage costs 30 cents per GB per month. Transfer bandwidth to and from Tarsnap costs 30 cents per GB. While this isn’t the absolute cheapest online storage option, it is still rather reasonable. If you’re backing up smaller amounts of data, $5.00 might last you quite a long time. There are no montly fees and you only pay for what you use.
Getting backups set up is pretty easy if you’re familiar with Tar and things like cron jobs. Tarsnap is very similar to the Tar program that most UNIX admins use daily. There is no GUI, no backup scheduling, just a simple command line interface. If you want to schedule backups, you’ll need to write your own scripts and cron jobs. This might sound frightening to Linux beginners, but for seasoned users and administrators, Tarsnap’s simplicity and power is quite attractive. It should be especially great for system administrators who can probably augment or replace some of their existing backup systems with Tarsnap.
Overall, I’m pretty impressed with Tarsnap’s system. Once you have it set up, it is an incredibly simple system which gives you complete control over your backups. The de-duplication system and security design are very impressive, and having the source code available (with rather impressive bounties for finding bugs) makes me feel better about storing my backups online. I’m sure that I’ll be using Tarsnap in the future for backing up my most important files on both my desktop and servers.
Install instructions for Ubuntu 11.04
- Install some prerequisites
sudo apt-get install build-essential e2fslibs-dev hashalot zlib1g-dev libssl-dev
Download the source tarball, signed SHA256 hash file and the Tarsnap code signing GPG key
Import the Tarsnap key
gpg --import tarsnap-signing-key.asc
- Get the hash of the signed SHA256 hash file
gpg --decrypt tarsnap-sigs-1.0.29.asc
- Get the hash value of the source tarball and confirm that it matches the hash value from the signed hash file
- Untar the source tarball
tar -xf tarsnap-autoconf-1.0.29.tgz
- Run the configuration program
cd tarsnap-autoconf-1.0.29/ ./configure
- Build and install
sudo make all install clean
- Create a cache file directory
- Register your machine and make your keyfiles
rsnap-keygen --keyfile ~/tarsnap.key --user [email protected] --machine mybox
- Backup your keyfile! If you loose it, you won’t be able to access your backups!
- Create a local configuration file
cp /usr/local/etc/tarsnap.conf.sample ~/.tarsnaprc
- Edit your configuration file and change the following 2 settings
Tarsnap cache directory
Tarsnap key file
Make your first backup:
tarsnap -c -f mybackup /home /other/stuff
List your backups
Make a new backup
tarsnap -c -f mybackup2 /home /other/stuff
Delete old backups
tarsnap -d -f mybackup
List the files in the “mybackup2” archive
tarsnap -tv -f mybackup2
Restore two users’ home directories
tarsnap -x -f mybackup2 /home/auser /home/anotheruser
Read the manual for lots of other options