Restic can use the SFTP backend. I know SFTP provides encryption in transit. However, that encryption is weak because it’s asymmetric encryption, meant to hold up a decade or so. There could also be issues with the SSH key leakage.
Does restic encrypt data prior to sending the data to the SSH tunnel?
It seems Borgbackup encrypts before sending over the SSH. But I am new to both tools.
Also, is there any benefit with SFTP compared to rsync-ing a restic repo over ssh? (other than not having to keep a local copy).