PodHeitor SFTP Backup Plugin for Bacula
Agentless SFTP/SSH backup for Bacula Community Edition — zero deployment on remote hosts (contact us for download and subscription information).
Back up files from any server, NAS, switch, router, or cloud service accessible via SFTP/SSH. No Bacula agent needed on the remote side.
Why SFTP Instead of Mountpoints
Features
- Agentless — SFTP/SSH only, no software on remote hosts
- Full / Incremental / Differential — native Bacula levels via mtime comparison
- Include/Exclude filters — glob-based (
*.pdf,*.tmp) - Metadata preserved — permissions, UID/GID, timestamps, symlinks
- Authentication — SSH key (ed25519, RSA, ECDSA), agent forwarding, password
- Host key verification — MITM protection via known_hosts
- File listing — estimate, catalog queries, restore browsing
- Multiple sources — N SFTP servers in a single FileSet
- Compression & Encryption — Bacula native
- Metaplugin architecture
Architecture
Use Cases
Network Equipment
VendorModels / OS CiscoCatalyst 9000 (IOS-XE), Nexus (NX-OS), ISR/ASR JuniperEX, QFX, SRX, MX (Junos) MikroTikAll RouterOS devices Arista7000, 7500 series (EOS) HPE ArubaCX switches, Instant AP DellPowerSwitch (OS10) FortinetFortiGate (FortiOS) Palo AltoPA series (PAN-OS) UbiquitiUniFi, EdgeRouter OthersVyOS, OPNsense, pfSense
NAS and Storage
SynologyDiskStation (DSM) QNAPQTS TrueNAS / FreeNASSFTP/SSH built-in AsustorSFTP/SSH available TerraMasterSFTP/SSH available
Cloud SFTP Services
AWS Transfer FamilyManaged SFTP endpoint Azure Blob StorageSFTP access Hetzner Storage BoxSFTP/SSH (port 23) Files.comSFTP native ExaVault / GoAnywhereEnterprise SFTP
Cloud VMs and Hosting
- AWS EC2, GCP Compute, Azure VMs
- DigitalOcean, Linode, Vultr, Hetzner Cloud, OVH
- cPanel/WHM, Plesk, DirectAdmin
Embedded and IoT
- Raspberry Pi, IoT gateways
- Devices with limited storage
Requirements
Component MinimumNotes Bacula Community13.0.0+Metaplugin required Python3.6+Backend paramiko2.x+pip3 install paramiko Remote hostSFTP/SSHNo agent needed
Installation
RPM
sudo rpm -ivh podheitor-sftp-fd-plugin-1.0.0-1.el9.x86_64.rpm
From Source
make BACULA_SRC=/path/to/bacula-15.0.3/src sudo make install PREFIX=/opt/bacula
Arch Linux
makepkg -si
Configuration
Plugin Parameters
ParameterRequiredDefaultDescription hostyes—SFTP server hostname or IP portno22SFTP port useryes—SFTP username passwordno—Password (prefer keyfile) keyfileno—Path to private key passphraseno—Key passphrase pathyes/Remote base directory known_hostsno—known_hosts path verify_hostnoyesVerify host key timeoutno30Timeout seconds includeno—Include glob patterns excludeno—Exclude glob patterns abort_on_errornonoAbort on read error
Quick Start
sudo mkdir -p /etc/bacula/.ssh
ssh-keygen -t ed25519 -f /etc/bacula/.ssh/id_ed25519 -N ""
ssh-copy-id -i /etc/bacula/.ssh/id_ed25519.pub backup@server.local
FileSet {
Name = "SFTP-Backup"
Include {
Options { Signature = SHA256; Compression = LZ4 }
Plugin = "podheitor-sftp: host=server.local user=backup keyfile=/etc/bacula/.ssh/id_ed25519 path=/data"
}
}
Multiple Servers
Plugin = "podheitor-sftp: host=web1.prod user=deploy path=/var/www" Plugin = "podheitor-sftp: host=web2.prod user=deploy path=/var/www" Plugin = "podheitor-sftp: host=nas.local user=admin path=/volume1/shared"
Restore
bconsole * restore where=/tmp/sftp-restore select all done yes
File Listing
MethodWhenCommand Before backupPreviewestimate job=… listing After backupCataloglist files jobid=X During restoreBrowserestore → cd / ls
Debugging
export PODHEITOR_DEBUG=1 sudo systemctl restart bacula-fd
Packaging
RHEL / Oracle Linux 9RPM Arch LinuxPKGBUILD Otherbuild-packages.sh
Documentation
- Complete Technical Manual
- Commercial Brochure
- Quick Reference
- Example Configs
License
GNU Affero General Public License v3.0 (AGPLv3)
Copyright (C) 2025 PodHeitor / Heitor Faria
Disponível em: 
Português
