Tarsnap: Online Backups for Security Conscious Geeks

Published on by Jim Mendenhall

Tarsnap is an online backup service written and run by Dr. Colin Percival, the FreeBSD Security Officer. The service is aimed at true UNIX geeks who want secure online backups and are familiar with things like GPG keys, compiling source code, bash scripts and cron jobs. It is built for the “truly paranoid” and encrypts all your data before it leaves your computer. It’s a great alternative for those who don’t trust their data to other services such as Mozy and Dropbox.


The installation instructions are just incomplete enough to make even seasoned Linux users do some quick google searches to fill in the gaps. To help you along, I’ve included my own instructions for installing Tarsnap on Ubuntu below. If you manage to get everything installed, the rest of the process should be pretty easy and even fun.


Signing up for an account and adding money via PayPal was simple and painless. You need to add at least $5.00 to your account to get started as Tarsnap is a prepaid service. Storage costs 30 cents per GB per month. Transfer bandwidth to and from Tarsnap costs 30 cents per GB. While this isn’t the absolute cheapest online storage option, it is still rather reasonable. If you’re backing up smaller amounts of data, $5.00 might last you quite a long time. There are no montly fees and you only pay for what you use.

Making Backups

Getting backups set up is pretty easy if you’re familiar with Tar and things like cron jobs. Tarsnap is very similar to the Tar program that most UNIX admins use daily. There is no GUI, no backup scheduling, just a simple command line interface. If you want to schedule backups, you’ll need to write your own scripts and cron jobs. This might sound frightening to Linux beginners, but for seasoned users and administrators, Tarsnap’s simplicity and power is quite attractive. It should be especially great for system administrators who can probably augment or replace some of their existing backup systems with Tarsnap.


Overall, I’m pretty impressed with Tarsnap’s system. Once you have it set up, it is an incredibly simple system which gives you complete control over your backups. The de-duplication system and security design are very impressive, and having the source code available (with rather impressive bounties for finding bugs) makes me feel better about storing my backups online. I’m sure that I’ll be using Tarsnap in the future for backing up my most important files on both my desktop and servers.

Install instructions for Ubuntu 11.04

  1. Install some prerequisites sudo apt-get install build-essential e2fslibs-dev hashalot zlib1g-dev libssl-dev
  2. Download the source tarball, signed SHA256 hash file and the Tarsnap code signing GPG key

  3. Import the Tarsnap key gpg --import tarsnap-signing-key.asc

  4. Get the hash of the signed SHA256 hash file gpg --decrypt tarsnap-sigs-1.0.29.asc
  5. Get the hash value of the source tarball and confirm that it matches the hash value from the signed hash file sha256sum tarsnap-autoconf-1.0.29.tgz
  6. Untar the source tarball tar -xf tarsnap-autoconf-1.0.29.tgz
  7. Run the configuration program cd tarsnap-autoconf-1.0.29/ ./configure
  8. Build and install sudo make all install clean
  9. Create a cache file directory mkdir ~/.tarsnap-cache
  10. Register your machine and make your keyfiles rsnap-keygen --keyfile ~/tarsnap.key --user [email protected] --machine mybox
  11. Backup your keyfile! If you loose it, you won’t be able to access your backups!
  12. Create a local configuration file cp /usr/local/etc/tarsnap.conf.sample ~/.tarsnaprc
  13. Edit your configuration file and change the following 2 settings
nano ~/.tarsnaprc

Tarsnap cache directory

cachedir ~/.tarsnap-cache

Tarsnap key file

keyfile ~/tarsnap.key

Make your first backup:

tarsnap -c -f mybackup /home /other/stuff

List your backups

tarsnap --list-archives

Make a new backup

tarsnap -c -f mybackup2 /home /other/stuff

Delete old backups

tarsnap -d -f mybackup

List the files in the “mybackup2” archive

tarsnap -tv -f mybackup2

Restore two users’ home directories

tarsnap -x -f mybackup2 /home/auser /home/anotheruser

Read the manual for lots of other options

man tarsnap