So, this is a rough summary of the central steps for using BorgBackup and Vorta to create encrypted backups from my local Linux machines to a Hetzner Storage Box (but it should work with any online/cloud storage that allows you to authenticate via SSH). It is mostly a reminder for myself for when I do this the next time, but it might have some value for others as well.
I stumbled over BorgBackup in one of the early episodes of the Linux Matters Podcast. It is a reliable tool that does one job very well, which is creating encrypted backups of the files of your choice, and does that on a schedule that makes sense to you. Personally, I want to have most things in my home folder backed up multiple times per day, just in case, and ideally in a remote location (as an addition to my local backups, following the 3-2-1 rule).
- Install Borg and Vorta
This is pretty obvious – you need to install them first. Here is my very detailed guide about installing BorgBackup under Ubuntu Linux (but most of it should apply to other distros as well). BorgBackup has no GUI, but you can control it completely in the command line. And while I am getting better using the CLI, in this case I prefer a GUI for managing my backups, setting up schedules, and all that stuff. This is where Vorta comes in, which does that job perfectly. There are different ways to install it, but I just used the Flatpak from flathub.org on my Ubuntu 24.04 system.
2. Setup the SSH connection to Hetzner Cloud Storage
The final goal is simple: set up my BorgBackup/Vorta combination to create and push the backups to the Hetzner Storage Box. The Hetzner Storage Box is just what the name says: online storage you can access through common ways like FTP, SSH, and SMB. For my setup, I want to set up a SSH key pair in Vorta and the Hetzner Storage Box so that Vorta can access the storage and push the backup to it through a secure connection automatically in the background without me doing anything.
Creating the SSH key pair, which consists of a private key that stays on your local machine and a public key that will be stored on the Hetzner Storage Box, is pretty straightforward. Just enter the following in the bash shell:
ssh-keygen
In the follow-up prompts, you can leave the default location and filename as is or change it (I leave the folder on default and only change the name of the key itself). You can also add a passphrase as an additional layer of security. That is totally up to you, and since I am no security expert at all, I can’t give you any advice here. Personally, I didn’t ruminate about this any further, because I put encrypted stuff only on there anyway.
On the Hetzner storage, I added a file named authorized_keys in the folder .ssh (both need to be exactly named like this) and added the content of my public key to it. To get the content from the public key, I navigated to the folder where ssh-keygen put the keys in (home/.ssh/ in my case), opened the file with any editor and just copied the content. If you wonder how I accessed the Hetzner Storage for creating the authorized_keys file, I just used the Filezilla FTP Client and connected via SFTP (here is a Hetzner tutorial).
3. Setup Vorta
The Vorta GUI is well done, and won’t go into every detail here. You can create as many backup repositories as you want. All you need is to specify a folder on the Storage Box (that you can create easily via SFTP as well) and select the private SSH key on your machine (which Vorta automatically picks up or at least suggests it, as long as it is in the default location).
That’s it. You can do an initial backup of some files to check if everything works before playing around with all the settings around schedules, keeping older versions, excluding certains folders or files, and many other things. Just don’t forget to check from time to time if the backups are still running and if they really work. To do that, you can easily mount the backups through the Vorta GUI and access the files on the Storage Box.
Additional ressources: