Edgerouter scheduled backups

In this section I will describe how to setup a scheduled daily backup of the edgerouter-configuration via SFTP to another linux-box.


On the Edgerouter

First we need to generate a public keypair on our Edgerouter. This is our ticket to the backup server. This is way more secure that using a password for authentication.

sudo bash
mkdir /config/ssh-keys
cd /config/ssh-keys
ssh-keygen -f backup -C "SSH key for backup" -N ""
cat backup.pub

The last line prints our public key. This key is needed on our backup server. A key could look like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjsIf2CJz7cM5axHuNmh1oKPSuNZWrTpzLOe2PQoVCU/YL4nSsm+Zj1HvfAdbgVFvoWcGEw4rfKo+sRY/QQjNZfFCQyBRLzY5MBBnPrk1y75iILddaLVQvSm/3gSj6ZrEGH1ZS5mxznnwIovrROZ9tJeCPiS/1QDMMZDbTRR+Ez+eQVnaWdIhLGBhBEjj13VFAyV33QVzaaBc0SbtpzfbmUAVFHIjBXuUHoRTw0uZlvEg1GD68Mp7GhC6f1YeNU+zt2pA+6KRP9rZvshLfvAH9IP6uzgu17o2cDowF3tZmlhCFnr062ptbfDSnTO6ywEyzCIue85H6hEItmC3VBdnx SSH key for backup


On the backup server

Now we go to our server that will receive the backups and create a user for this purpose:

adduser backupuser
su backupuser
mkdir /home/backupuser/.ssh
mkdir /home/backupuser/edge-backups
vi /home/backupuser/.ssh/authorized_keys

The last line edits the “authorized_keys” file, where you have to paste the public key generated on the Edgerouter.


Back on the edgerouter

Now you create this script “/config/scripts/backup-remote.sh” and chmod it 755:


now=$(date +%d%m%y-%H%M)
tar -cf - /config | gzip | \
        curl -k --key $sftp_key --pubkey $sftp_key.pub \
        -u $sftp_user: -T - sftp://$sftp_host$sftp_folder/backup-$now.tar.gz

You should now test if the scripts works by running it. If it does, you need to add the following lines to your Edgerouter configuration to make the script running daily:

set system task-scheduler task backup-conf executable path /config/scripts/backup-remote.sh
set system task-scheduler task backup-conf interval 1d

3 thoughts to “Edgerouter scheduled backups”

  1. You can also configure the edgerouter to upload a backup when a config is commited:


    ubnt@RTR# set system config-management commit-archive location
    Possible completions:
    Uniform Resource Identifier

    Detailed information:
    ubnt@RTR# set system config-management commit-archive location tftp://
    ubnt@RTR# commit
    Archiving config…
    tftp:// OK

    1. Hi Trond,

      Did you ever make that work with ssh-keys?
      I couldn’t.. thats why I made these scripts 🙂

      Best regards,

  2. This was useful for me.

    I have more to backup than just the config.boot file. I want to save my .bashrc, the backup script itself, and /etc/hosts which I set up for dnsmasq.

Leave a Reply

Your email address will not be published. Required fields are marked *