Sebastian Mogilowskis Blog

Just another blog about administration, linux and other stuff

Notebook Backup to external crypted disk

Here is the documentation, how i making backups of my notebook. I use a external USB harddisk, which is connected to my docking station. On system logon, i check if the external disk is present and mount it. A cronjob starts a backup script, which creates backups with rsync if the backup partition is mounted. Please note, that you have to replace some values in this howto. Replace “sebastian” with your username and replace “sdb” if it is needed.

1 Install cryptsetup

sudo aptitude install cryptsetup

2 Create crypto disk

sudo cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sdb

sudo cryptsetup luksOpen /dev/sdb backup

For an automatic mount of the backup disk, you need a keyfile:

mkdir /home/sebastian/backup

sudo dd if=/dev/urandom of=/home/sebastian/backup/keyfile bs=1024 count=4

sudo cryptsetup luksAddKey /dev/sdb /home/sebastian/backup/keyfile 

3 Create Filesystem

sudo mkfs.ext4 /dev/mapper/backup

sudo e2label /dev/mapper/backup Backup

4 Create Mount point

sudo mkdir /media/backup
sudo chown sebastian:sebastian /media/backup

5 Mount

sudo mount /dev/mapper/backup /media/backup

6 Create automount

The external backup storage is not always connected with my system. I created a script which mount the external harddrive if it is connected. For an external connected device it is not sure that it always called “sdb”. So i used the UUID instead.

6.1 Get device UUID

sudo blkid

You will get an output like this:

/dev/mapper/backup: LABEL="Backup" UUID="4d0c0001-3cac-43ad-abf7-904e3a2f91b1" TYPE="ext4"

6.2 Create script

vim ~/backup/


if [ /dev/disk/by-uuid/e9fbd5d9-215b-4a82-a794-7ab7724ac3f8 ]
    cryptsetup luksOpen -d ~/backup/keyfile /dev/disk/by-uuid/e9fbd5d9-215b-4a82-a794-7ab7724ac3f8 backup
    mount /dev/mapper/backup /media/backup

Make executable:

chmod +x ~/backup/

6.2 Add script to sudoers

sudo visudo

Open the sudoers file and insert:

sebastian ALL = (root) NOPASSWD: /home/sebastian/backup/

Add this script to startup applications.

7 Backup

Script with rsync to create the backups.

7.1 Backup script

vim ~/backup/



logger "Start backup"

if mount|grep "/media/backup"; then

    if [ $((`date +"%u"`%2)) -eq 0 ]; then

    rsync -a --delete /home/sebastian /media/backup/$SUBDIR/

   logger "Backupdisk not found. Backup skipped."

logger "Finished backup"

Make executable:

chmod +x  ~/backup/

This script backups my homedir into two folders. Date +”%u” returns the day of the week. (1,2,3,4,5,6,7) It switch the folders if the number is even or odd. If “/media/backup” is not mounted, the script quits without making backups.

You can add more rsync lines if you like, or set “SUBDIR” to date +”%u” to make a backup every day in a different folder.

The “logger” command writes a view infos into the syslog.

7.2 Create cronjob

crontab -e


0 21 * * * /home/sebastian/backup/ > /dev/null

This cronjob executes the backup script every day at 21:00 oclock.

, , , ,

One thought on “Notebook Backup to external crypted disk

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.