Use Borg Backup to backup your files to a remote server

published on June 22, 2025

BorgBackup is a powerful, deduplicating archiver that's perfect for creating secure and efficient backups. This guide will walk you through setting up, configuring, and using BorgBackup for your primary server, with backups stored on an offsite server.

1. Initial Setup

First things first, you'll need to install BorgBackup on both your primary server (the one you want to back up) and your offsite server (where your backups will be stored).

On both servers, open your terminal and run:

sudo apt install borgbackup

Next, create a dedicated directory on your offsite server to store the backups:

mkdir /home/user/backup

2. Secure Access: SSH Key Pair for Passwordless Operations

To enable seamless, passwordless access for Borg, you'll need to generate an SSH key pair on your primary server.

On your primary server:

ssh-keygen

When prompted, save the key as /home/user/.ssh/id_rsa_borg.

Now, copy your newly created public key to the offsite server:

ssh-copy-id -i '/home/user/.ssh/id_rsa_borg' username@offsite_server -p [port]

Test your SSH connection to ensure everything is set up correctly:

ssh -i '/home/user/.ssh/id_rsa_borg' username@offsite_server

3. Initialize Your Borg Repository

On your primary server, initialize your Borg repository on the offsite server. We'll use repokey encryption for added security:

borg init --encryption=repokey ssh://username@offsite_server:[port]/home/user/backup

4. Managing Your Repository Key (Important!)

It's crucial to export your repository key for safekeeping. This key is essential for accessing your backups if you ever need to import it.

mkdir -p /home/user/.config/borg/keys
borg key export ssh://username@offsite_server:[port]/home/user/backup /home/user/.config/borg/keys/backup_repo_key

If you ever need to import the key, use the following command:

borg key import ssh://username@offsite_server:[port]/home/user/backup /home/user/.config/borg/keys/backup_repo_key

5. Streamlining with Environment Variables

To avoid repeatedly typing out your repository details and passphrase, set up environment variables on your primary server:

export BORG_REPO='ssh://username@offsite_server:[port]/home/user/backup'
export BORG_PASSPHRASE='your repository passphrase'

Additionally, tell Borg where to find your SSH keyfile:

export BORG_RSH='ssh -i /home/user/.ssh/id_rsa_borg'

6. Restricting Borg Access on the Offsite Server

For security, limit the SSH key's capabilities on the offsite server to only allow Borg operations within the backup directory.

On the offsite server, edit your authorized_keys file:

sudo nano /home/user/.ssh/authorized_keys

Find the line corresponding to your Borg SSH key and add the following at the beginning of the line (before ssh-rsa):

command="borg serve --restrict-to-path /home/user/backup",restrict,no-pty,no-agent-forwarding,no-port-forwarding

Test access to the offsite server again to confirm the restrictions are in place:

ssh -i '/home/user/.ssh/id_rsa_borg' username@offsite_server

7. Making Your First Test Backup

On your primary server, create a test backup:

borg create ::backup_name /home/user/path/to/file

You can exclude specific files or directories using --exclude=path/to/file/.

To see your existing backups, use:

borg list

8. Restoring and Deleting Backups

To test restoring a backup (Borg defaults to restoring to the current directory):

borg extract ::backup_name

You can also perform a dry run to see what would be extracted without writing any data:

borg --dry-run ::backup_name

To delete a backup:

borg delete ::backup_name

9. Automating Your Backups with a Script

For consistent backups, set up a script and automate it with cron.

Create a new script file:

nano borg-backup.sh

Add the following lines, modifying them to fit your backup needs (e.g., paths to exclude):

#!/bin/sh
# Backup home directory to a remote location using Borg.
# To restore: borg extract username@offsite_server:/path/to/backup_repo::backup_name

export BORG_RSH='ssh -i /home/user/.ssh/id_rsa_borg'
export BORG_REPO='ssh://username@offsite_server:[port]/home/user/backup'
export BORG_PASSPHRASE='your repository passphrase'

# Backup /home excluding cache & downloads
borg create -v --stats ::$(hostname)-$(date +"%d-%b-%Y") /home \
--exclude '/home/*/.cache' \
--exclude '/home/*/.ccache' \
--exclude '/home/$USER/Downloads' \

# Prune extra backups
borg prune --prefix $(hostname)- --keep-daily=7 --keep-weekly=4 --keep-monthly=12

exit 0

Make the script executable:

sudo chmod +x borg-backup.sh

Test the script manually to ensure it runs without errors:

./borg-backup.sh

Finally, set up cron to run your backup script automatically by moving it to /etc/cron.daily:

mv borg-backup.sh /etc/cron.daily

You've now successfully set up and configured BorgBackup for reliable and automated backups! Remember to regularly check your backups to ensure their integrity.