How to Configure a Remote Backup Server on Debian 12 Bookworm System

Data loss can be catastrophic, whether it’s for personal projects, small businesses, or enterprise environments. Backups provide peace of mind by safeguarding important files and system configurations. In this article, we’ll walk you through configuring a remote backup server on a Debian 12 “Bookworm” system. This setup ensures that critical data from one Debian machine is safely stored on another Debian system over the network using secure and automated processes.

Why Use a Remote Backup Server?

Remote backups are ideal because they store data separately from your main system. If your local disk fails or your system is compromised, your data still exists elsewhere. With Debian 12, tools like rsync, ssh, cron, and borgbackup make setting up a remote backup system both flexible and secure.

Key Features of This Guide

  • Set up a dedicated Debian 12 remote backup server
  • Secure the server with SSH and user restrictions
  • Use rsync or borgbackup for efficient data syncing
  • Automate backup tasks with cron
  • Ensure data integrity and access control

Prerequisites

Before diving in, ensure the following:

  • You have two Debian 12 systems:
    • Backup Server (where data will be stored)
    • Client System (where data is backed up from)
  • Both systems have sudo/root access.
  • SSH is installed and accessible between both machines.
  • Basic knowledge of the Linux terminal and networking.

Step 1: Preparing the Backup Server

1.1. Create a Dedicated Backup User

Start by adding a dedicated user on the backup server to handle incoming backups:

sudo adduser backupuser

This user will be used by the client system to push backups via SSH. You can restrict this user’s access later to improve security.

1.2. Set Up SSH Access

Generate an SSH key on the client machine:

ssh-keygen -t ed25519 -C "backup-key"

Copy the public key to the backup server:

ssh-copy-id backupuser@backup-server-ip

Now you can test the SSH connection:

ssh backupuser@backup-server-ip

It should log in without asking for a password.

Restrict what the backup user can do by configuring their SSH access:

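Edit /etc/ssh/sshd_config on the backup server:

# Apply these restrictions to backupuser only
Match User backupuser
    # sshd rejects the login unless this directory and all of its parents are
    # owned by root and not writable by group or others (adduser creates the
    # home directory owned by backupuser, so change its ownership first)
    ChrootDirectory /home/backupuser
    # SFTP only: no shell and no other remote commands
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no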

Restart the SSH service:

sudo systemctl restart ssh

Note: If you’re using rsync or borgbackup over SSH (and not SFTP), skip the ForceCommand internal-sftp and ChrootDirectory.
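For the rsync or borgbackup case in the note above, the key can be confined in the backup user's ~/.ssh/authorized_keys instead of with ForceCommand. The following is an added example, not part of the original guide: a helper that builds such an entry. It assumes the directory layout used in this guide, a constructed sample key, and rrsync (shipped with the rsync package) at /usr/bin/rrsync.

```bash
#!/bin/bash
# Added example: build a restricted authorized_keys entry for the backup key.
# Assumed: rrsync lives at /usr/bin/rrsync (check with: command -v rrsync).

# restricted_key_line MODE PATH PUBKEY
#   MODE   borg | rsync
#   PATH   absolute directory on the backup server the key is confined to
#   PUBKEY the single line from the client's ~/.ssh/id_ed25519.pub
restricted_key_line() {
    rk_mode=$1; rk_path=$2; rk_key=$3
    # The path is embedded in a double-quoted option, so allow only an
    # absolute path made of safe characters and without ".." components.
    case $rk_path in
        /*) ;;
        *) echo "path must be absolute" >&2; return 1 ;;
    esac
    case $rk_path in
        *[!A-Za-z0-9/._-]*|*..*) echo "unsafe path: $rk_path" >&2; return 1 ;;
    esac
    # Expect a bare key line: key type first, no options already prepended.
    case $rk_key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
    case $rk_mode in
        borg)  rk_cmd="borg serve --restrict-to-path $rk_path" ;;
        rsync) rk_cmd="/usr/bin/rrsync $rk_path" ;;
        *) echo "mode must be borg or rsync" >&2; return 1 ;;
    esac
    # command= pins the only program this key may start; restrict turns off
    # pty allocation and port, agent and X11 forwarding.
    printf 'command="%s",restrict %s\n' "$rk_cmd" "$rk_key"
}

# Constructed sample key for illustration (not a real key).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey backup-key'

# Print one entry per method; append the one you use to
# /home/backupuser/.ssh/authorized_keys on the backup server.
restricted_key_line borg /home/backupuser/backups/client1/borgrepo "$SAMPLE_KEY"
restricted_key_line rsync /home/backupuser/backups/client1 "$SAMPLE_KEY"
```

With the rrsync entry in place, the client gives its rsync destination relative to the confined directory rather than as a full path.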


Step 2: Prepare Directory Structure on the Backup Server

Create a directory structure to hold the backups. For example:

sudo mkdir -p /home/backupuser/backups/client1
sudo chown -R backupuser:backupuser /home/backupuser/backups

This keeps backups organized by source system.


Step 3: Choose Backup Method – rsync vs borgbackup

There are several tools for performing remote backups. Two widely used options are:

  • rsync – Efficient for file-level syncing
  • borgbackup – Compressed, deduplicated, and encrypted backups

We’ll cover both.


Step 4: Rsync-Based Backup Setup

4.1. Install rsync

Make sure rsync is installed on both systems:

sudo apt install rsync

4.2. Backup Script on Client System

Create a script on the client to run the backup:

nano ~/backup_rsync.sh

Paste the following:

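#!/bin/bash
# Mirror /etc from this client to the backup server over SSH.

# Trailing slash: copy the contents of /etc into the destination directory
# instead of creating a nested etc/etc.
SOURCE_DIR="/etc/"
DESTINATION="backupuser@backup-server-ip:/home/backupuser/backups/client1/etc"

# -a archive mode, -v verbose, -z compress in transit;
# --delete removes files on the server that no longer exist in the source.
rsync -avz --delete "$SOURCE_DIR" "$DESTINATION"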

Make it executable:

chmod +x ~/backup_rsync.sh

4.3. Automate with Cron

Run crontab -e and add:

0 2 * * * /home/yourusername/backup_rsync.sh >> /home/yourusername/backup.log 2>&1

This runs the backup daily at 2 AM.


Step 5: BorgBackup-Based Setup (Alternative Method)

5.1. Install borgbackup

Install it on both the client and backup server:

sudo apt install borgbackup

5.2. Initialize Repository on Backup Server

On the client, initialize a remote repo:

borg init --encryption=repokey backupuser@backup-server-ip:/home/backupuser/backups/client1/borgrepo

5.3. Create Backup Script with Borg

Create ~/backup_borg.sh on the client:

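#!/bin/bash
# Create a dated Borg archive of /etc, then thin out old archives.

# The passphrase is stored here in clear text: keep this file readable
# by its owner only.
export BORG_PASSPHRASE='your-secure-passphrase'

SOURCE_DIR="/etc"
REPO="backupuser@backup-server-ip:/home/backupuser/backups/client1/borgrepo"
BACKUP_NAME="client1-$(date +%Y-%m-%d-%H%M)"

borg create --verbose --stats --compression zstd \
  "${REPO}::${BACKUP_NAME}" "$SOURCE_DIR"

# Keep 7 daily, 4 weekly and 6 monthly archives; remove the rest.
borg prune -v --keep-daily=7 --keep-weekly=4 --keep-monthly=6 "$REPO"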

Make it executable and, because it contains the passphrase in clear text, accessible only to your user:

chmod 700 ~/backup_borg.sh

5.4. Automate with Cron

Add to crontab:

30 1 * * * /home/yourusername/backup_borg.sh >> /home/yourusername/borg.log 2>&1

Step 6: Secure Your Backup Server

To improve security:

6.1. Firewall Configuration

Install and configure UFW:

sudo apt install ufw
sudo ufw allow OpenSSH
sudo ufw enable

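If possible, allow SSH only from the client’s IP, using this rule in place of the general OpenSSH rule above (while the general rule is present, SSH stays open to every address):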

sudo ufw allow from client-ip to any port 22

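6.2. Disk Encryption

Encrypt the storage disk or partition on the backup server using LUKS:

sudo apt install cryptsetup

Installing the package does not encrypt anything by itself. Follow the cryptsetup prompts to encrypt the drive before any backups are stored on it, because creating a LUKS volume erases the existing contents. You can then mount it to /home/backupuser/backups.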


Step 7: Monitoring and Logs

Regularly check your logs:

tail -f ~/backup.log
tail -f ~/borg.log

You can also configure email notifications using tools like msmtp or sendmail in case of errors.
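A cron job that only appends output to a log fails silently, so it helps to record an explicit status per run. The following is an added example, not part of the original guide: a wrapper that classifies the rsync and borg exit codes and writes one status line per run. The function names, the status-line format and the notify_failure hook are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example: cron wrapper that records a status line for every run.

# classify_exit TOOL CODE -> prints ok | warning | error
classify_exit() {
    case "$1:$2" in
        *:0)      echo ok ;;
        borg:1)   echo warning ;;  # borg finished, but reported warnings
        rsync:24) echo warning ;;  # rsync: source files vanished during the run
        *)        echo error ;;    # e.g. rsync 23 (partial transfer), borg 2
    esac
}

# Hypothetical hook: replace the body with a pipe to msmtp or sendmail.
notify_failure() {
    echo "BACKUP FAILED tool=$1 rc=$2 (see $3)" >&2
}

# run_backup TOOL LOGFILE COMMAND [ARGS...]
# Appends the command's output and one status line to LOGFILE.
# Returns 1 (after calling notify_failure) only when the run is an error.
run_backup() {
    rb_tool=$1; rb_log=$2; shift 2
    rb_rc=0
    "$@" >>"$rb_log" 2>&1 || rb_rc=$?
    rb_status=$(classify_exit "$rb_tool" "$rb_rc")
    printf '%s backup-status tool=%s rc=%s status=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$rb_tool" "$rb_rc" "$rb_status" >>"$rb_log"
    if [ "$rb_status" = error ]; then
        notify_failure "$rb_tool" "$rb_rc" "$rb_log"
        return 1
    fi
}

# last_status LOGFILE -> status of the most recent run (empty if none logged)
last_status() {
    grep ' backup-status ' "$1" | tail -n 1 | sed 's/.* status=//'
}

# Demo with constructed stand-ins for the real backup scripts.
demo_log=$(mktemp)
run_backup rsync "$demo_log" sh -c 'exit 24'
run_backup borg "$demo_log" sh -c 'echo "constructed failure"; exit 2' || true
cat "$demo_log"
rm -f "$demo_log"
```

In the cron job, run_backup would wrap the backup script (for example run_backup rsync ~/backup.log ~/backup_rsync.sh), and last_status gives a one-word answer for a monitoring check.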


Troubleshooting Tips

  • SSH Fails: Double-check SSH key permissions and ownership.
  • Permission Denied Errors: Ensure the backup user has the right access to the backup directory.
  • rsync errors like “rsync: command not found” – Make sure the shell is not restricted via ForceCommand internal-sftp if you’re using rsync over SSH.
  • borg repository access issues – Always test with borg list to validate repository connection.

Conclusion

Setting up a remote backup server on Debian 12 Bookworm is a solid way to protect your system from data loss. By using robust tools like rsync and borgbackup, combined with the automation capabilities of cron and secure access via SSH, you can maintain regular, efficient, and safe backups with minimal manual intervention.

With a proper backup strategy in place, you can recover from accidents, data corruption, or cyber threats with confidence. Whether you’re backing up system configs, application data, or personal documents, Debian 12 provides the tools you need to build a resilient solution.