LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Tarsnap: Cloud Backups for the Truly Paranoid

TarSnapTarsnap is a cloud backup company that emphasize strong cryptography. It’s the brainchild of Dr. Colin Percival, former FreeBSD security officer. Its motto is “online backups for the truly paranoid” and Tarsnap has been in business since 2008.

Tarsnap uses an open, documented cryptographic design that securely encrypts your files. The command-line client is perfect for Linux VPSes and uses a familiar tar syntax. On the back end, backups are stored on Amazon S3 and Tarsnap uses variable-length, deduplicated blocks of data. So if you change a file, only the changes to that file are backed up, not the entire file (like rsync).

Suppose you have a directory with 100MB of files and a 5% daily change rate. If you create a Tarsnap archive every day, you will see the following:

Monday (initial): 100MB archive created (100MB uploaded, 100MB stored)
Tuesday: 10MB archive created (5MB new data uploaded, 105MB total data stored)
Wednesday: 10MB archive created (5MB new data uploaded, 110MB total data stored)

If you then delete your Monday backup, the Tuesday archive will be made complete by retaining whatever Monday files are needed. It’s a very flexible system.

Tarsnap is not the cheapest backup solution by any means, but it does provide robustly secure files.

Installing Tarsnap

First, register at tarsnap.com, deposit some funds in your account, and download the client.

The client is available as a .deb, .rpm, etc. or you can get the source code. The source installs cleanly with the usual untar/configure/make install.

Be sure to open port 9279 via TCP, which is what tarsnap communicates on.

Setting Up Tarsnap

The tarsnap configuration file is in /etc/tarsnap.conf. You probably don’t need to change anything there, but you do need to register your system.

To this, using my email and setting up on a system called server1:

root@server1:~# tarsnap-keygen --keyfile /root/tarsnap.key --user me@example.com --machine server1
Enter tarsnap account password:

Note that the argument to –machine is just a name for the usage reports.

Note that you need to keep your key file (/root/tarsnap.key) safe!. If you lose this, you won’t be able to access your backups.

Using Tarsnap

Now that you’re setup, you can create backups.  Tarsnap comes with a robust man page (‘man tarsnap’) or run tarsnap -h for a short summary.

I’ve created a directory called /data and populated it with some data.  To back it up, I use tarsnap cf (create file – same syntax as tar):

root@server1:/data# tarsnap cf data.20200703 /data
tarsnap: Removing leading '/' from member names
              Total size Compressed size
All archives   102201669    102668723
(unique data)  102201669    102668723
This archive   102201669    102668723
New data       102201669    102668723

I can list archives (tars):

root@server1:/data# tarsnap --list-archives

And use (as you might expect) tarsnap tf to list the files in an archive:

root@server1:/data# tarsnap tf data.20200703
data/free stock photos/
data/Travel/March Trip.pdf
data/free stock photos/Dew-on-a-spiderweb-in-the-Fall.zip
data/free stock photos/Lonely-Key-Island.zip
data/free stock photos/Submarine-Dials-2.zip

The next day, I add some more data and create a new archive:

root@server1:/data# tarsnap cf data.20200704 /data
tarsnap: Removing leading '/' from member names
              Total size    Compressed size
All archives   257155378       250038933
(unique data)  154994247       147400577
This archive   154953709       147370210
New data        52792578        44731854

So I added a new 52,792,578 bytes.  Overall, I have 250MB stored, but it compresses and dedupes down to about 147MB.  You can see your total usage at any time via –print-stats:

root@server1:/data# tarsnap --print-stats
             Total size Compressed size
All archives  257155378    250038933
(unique data) 154994247    147400577

Finally, if I want to delete an archive, I use tarsnap df:

root@server1:/data# tarsnap df data.20200703
              Total size Compressed size
All archives   154953709    147370210
(unique data)  154953709    147370210
This archive   102201669    102668723
Deleted data       40538        30367





  1. Rev:

    “Online backups for the truly paranoid” and no redirect from HTTP to HTTPS on the website? My verdict – BULLSHIT!

    July 18, 2021 @ 6:02 am | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *