Hetzner - DokuWiki



Applying for backup

In addition to your dedicated root server you will receive 100GB backup space which you can apply for cost-free via Robot. First of all click on the link "Servers" in the menu and then select your server. You can apply for your backup account by using the "Backup" tab. Please note that the backup space can only be used from your dedicated root server as access is only permitted from Hetzner network.

Functions in Robot

In Robot (under the "Backup" tab) you can generate a new password for your backup account and also erase the content of the backup account. Furthermore, you can have your current usage displayed graphically. The data for this display is updated every 10 minutes.

Useful software

  • Backup with Tartarus
    • "On-the-fly” backup on FTP server
    • Support of LVM snapshots
    • Encryption (symmetrical or asymmetrical by key or password)
    • Incremental security measures
    • Based on prevalent Unix tools, enabling easy recovery from the rescue system (tar, bzip2, etc.)
    • Profile configuration files
    • Integrated "Hooks" make it suitable for special cases
    • Removal of old security measures from the FTP server using the charon tool
    • [Tartarus backup configuration] with examples and instructions
  • Backup with Backup2l/gpg/ftp
  • Duplicity – GPG encrypted, compressed, incremental backup from untrustworthy media or unencrypted protocols such as the FTP offered exclusively by Hetzner to the backup server. Can also rsync and ssh. In Debian (4.0) it should not be installed with apt-get install duplicity because the old version in Debian (0.4.2) can cause problems with servers (Error 226: Transfer complete). Instead the current version (tested with 0.4.9) from http://download.savannah.gnu.org/releases/duplicity/ should be used. For details see the Hetzner forum.

General tips

Please note that the speed of the backup is dependant on how many other clients are simultaneously accessing the backup server. Consider running your backups at another time if you experience performance problems.

It is also important to use the DNS names assigned to you (<username>.your-backup.de; only affects new backup accounts) in place of the underlying IP address as the IP address can change.


You can access your backup space by means of FTP, SFTP and SCP. Please use the host names assigned to you (<username>.your-backup.de) as well as your username and password.

For SFTP/SCP it is possible to authenticate yourself with a Public Key. You can provide a Public Key in RFC4716 format in the file .ssh/authorized keys on your backup space. You can convert your Public Key in FTC4716 format with the programme “ssh-keygen” with the parameters “-e” and “-f <input pubkey>”. It is important that the automatically inserted comment line be erased. You need to manually create the .ssh directory if required.

For example:

server# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
cb:3c:a0:39:69:39:ec:35:d5:66:f3:c5:92:99:2f:e1 root@server
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|         .   =   |
|      . S = * o  |
|   . = = + + =   |
|    X o =   E .  |
|   o + . .   .   |
|    .            |

server# ssh-keygen -e -f .ssh/id_rsa.pub | grep -v "Comment:" > .ssh/id_rsa_rfc.pub

server# cat .ssh/id_rsa_rfc.pub

server# cat .ssh/id_rsa_rfc.pub >> backup_authorized_keys

server# echo mkdir .ssh | sftp u15000@u15000.your-backup.de
Connecting to u15000.your-backup.de...
The authenticity of host 'u15000.your-backup.de (' can't be established.
RSA key fingerprint is 3d:7b:6f:99:5f:68:53:21:73:15:f9:2e:6b:3a:9f:e3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'u15000.your-backup.de ,' (RSA) to the list of known hosts.
u15000@u15000.your-backup.de 's password:
sftp> mkdir .ssh

server# scp backup_authorized_keys u15000@u15000.your-backup.de:.ssh/authorized_keys
u15000@u15000.your-backup.de's password:
backup_authorized_keys                                        100%  406     0.4KB/s

server# sftp u15000@u15000.your-backup.de
Connecting to u15000.your-backup.de...
sftp> ls
sftp> exit

Note: When uploading the Public Key you cannot use ssh-copy-id.


You have the option of integrating your backup space with Samba/Cifs. You can use the following UNC path:



You can also access your backup space via IPv6. For this there is a DNS entry in the format "ipv6.<username>.your-backup.de" type AAAA. To get the IPv6 address you can for example use the following command:

dig AAAA ipv6.<username>.your-backup.de

Determining memory usage

To find out how much free space you have (be it backup scripts or status emails) you can use the 'lftp' programme:

 # apt-get install lftp

Determining memory usage:

 # echo du -s .  \

Readable with the parameter -h:

 # echo du -hs .  \

The command allows you to use a Hook to link with Tartarus, by inserting the following lines in the Tartarus configuration:

echo "du" | /usr/bin/lftp -u "$STORAGE_FTP_USER,$STORAGE_FTP_PASSWORD" "$STORAGE_FTP_SERVER" | awk -v LIMIT=100 '$2=="." {print ((LIMIT*1024*1024)-$1)/1024 " MiB backup space remaining"}'

© 2018. Hetzner Online GmbH. Alle Rechte vorbehalten.