Backup to ssh client (rather than server)

I just started looking at restic, and so far it looks very good to me. I am looking for a use case however that may not be directly supported: I want to make a backup of a remote server to my local computer. The local machine runs an ssh client, but not a server. The remote machine has ssh. Ideally I would either

  1. run a command on my local machine to trigger a backup of the remote machine being made and stored locally (i.e. on my local machine, that doesn’t run an ssh server), or

  2. make local backups on the remote machine, and then once in a while run a command on my local machine to clone the repository or update the changes, similar to “git clone” (the first time) or “git pull” or “git update” (subsequent times), maybe “restic clone” and “restic update”.

What I am trying now is something like this second approach, using “rsync -az” on the repository. This does actually seem to work, but I could imagine that it is not necessarily a very efficient approach, maybe a small change in the backed-up data would result in a big change in data to be synched.

Any advice would be very welcome.

Can’t you make your remote machine connect to your local machine over SSH? Then you can simply run restic on the remote machine, targeting the local machine as the repository (using the SFTP backend).

Another alternative is to set up a VPN (so your remote machine can connect to your local machine over the VPN) or just a simple SSH tunnel (so that your remote machine can connect to a port on itself that is then forwarded over the SSH tunnel you initiate from your local machine to the remote machine, targeting the SSH port on your local machine).

Another alternative that you already mentioned is that you use e.g. rclone to sync a backup from the remote machine to your local machine, but that will of course require quite a lot of disk space on the remote machine.

Personally I would go with a VPN or SSH tunnel.

1 Like

If the space is available on the remote machine, I’d probably backup into a local repository on the remote machine, and use rsync (with --delete, so that files removed remotely are deleted locally). This solution has the most redundancy.

Another solution is to run the REST server on the local machine, use ssh with a remote port forward (e.g. run the REST server on port 8000, then use ssh -R 8000:localhost:8000) to forward the REST server port to the remote machine. You can then run restic with the REST backend on the remote machine to connect through the SSH port forward to the REST server on the local machine. I’ve heard that this works very well for several users.

If you do this, please make sure to configure proper authentication for the REST server, otherwise all processes on the remote server can delete data in the repo!

1 Like

I presume the purpose of doing it this way is to have HTTP over SSH instead of SSH over SSH, expecting better performance? Otherwise I fail to see the point of involving additional software.

They said that they do not run an SSH server on the local machine, so instead of running SSH they could also run the REST server. They can then also start/stop the REST server as needed, e.g. in a script.

I thought it’d be nice to share this way of using restic :slight_smile:

Gotcha. My mistake, sorry.