Off-Site Backup Is Where Every Cheap Plan Falls Apart
You’ve got your data sorted. Restic, Borg, or plain old rsync — you’ve picked your poison and it works great locally. Your RAID array breathes easy. Your ZFS checksums pass. Your snapshots age gracefully.
Then you look at off-site backup options and the room gets cold.
Backblaze B2 nickel-and-dimes you on egress. Wasabi’s free egress is a trap that disappears the moment you actually need to restore (hint: it doesn’t stay free). S3 is overkill. Storj is decentralized until it isn’t, and their node operators get weird about storage. There’s always a catch. There’s always a SaaS layer. There’s always something that feels like it was designed by a spreadsheet.
Then there’s rsync.net.
It’s not that rsync.net is shiny. It’s that it doesn’t pretend to be. It’s SSH. It’s ZFS. It costs $5 per TB per month if you’re not stupid about it. No dashboards. No “egress windows.” No surprise charges for bandwidth you didn’t plan on needing. Your data lives in a datacenter in Switzerland or New York (you pick), and you access it the same way you access your home lab: SSH keys and basic Unix tools.
If you’ve been burned by “cheap” off-site before, rsync.net is worth understanding.
What Actually Is rsync.net?
Okay, here’s the unsexy part: rsync.net is an SSH server in a datacenter with a ZFS filesystem behind it.
That’s it. That’s the whole story.
But that simplicity is the feature.
You get an account. You get SSH access. You get a filesystem quota. You generate an SSH keypair, upload the public key, and suddenly you have an off-site target that speaks the same language as every backup tool you’ve ever used: POSIX.
Under the hood, rsync.net runs a 10-node distributed ZFS pool across their infrastructure. Every replica is geographically separated (Switzerland and multiple US locations depending on your plan). Snapshots are automatic and essentially free — ZFS snapshots don’t duplicate data, they just record the delta. You can do daily snapshots for a decade and you’ve barely paid for the storage of that decade’s changes.
There’s no S3 API. There’s no weird lock semantics. There’s no “eventually consistent” handwaving. You SSH in, you write files, they exist. You read them back, they’re there. Your access keys are just SSH keys. If someone steals your SSH key, you revoke it and upload a new one — same model you’ve been using for fifteen years on actual servers.
No NSA-shaped SaaS layer. No venture capital vying for your eyeballs. The company makes money because you use storage. That’s the entire business model.
Pricing: Why the $5 Floor Matters
rsync.net’s pricing is refreshingly straightforward because there’s nothing to hide.
If you’ve got 500GB of backup data and you want daily snapshots for a month, you’re paying about $2.50 (500GB ÷ 1024 × $5/month). If you’ve got 2TB, you’re paying $10/month. If you’ve got 10TB (reasonable for a home lab with multiple machines), you’re paying $50/month.
That’s not cheap. But it’s honest.
The $5/TB/month baseline is important because it sets a floor for what “off-site backup” actually costs when you’re not being squeezed. Anything cheaper usually means:
- Egress fees you’ll encounter at restore time (Backblaze B2: $0.10/GB egress, suddenly your 2TB restore is $200)
- Bandwidth “included until you really need it” (Wasabi: free egress for 180 days, then it’s $0.04/GB)
- Sync limitations that mean your “unlimited” tier is actually quota-limited (Dropbox: synced file vaults, not backups)
- Decentralization theatre where node operators vanish (Storj)
rsync.net doesn’t do any of that nonsense because rsync.net is just a ZFS box. There’s no SaaS moat. There’s no lock-in. You’re essentially renting disk space in a Unix-friendly datacenter.
If you find something cheaper, you’re either:
- Not paying for redundancy or off-site geographic separation
- Going to hit surprise fees the moment you actually restore
- Dealing with someone who’ll be out of business in 18 months
rsync.net’s been around since 2001. Same model, same philosophy. They’re not winning a Series C. They’re not getting acquired. They’re just making money the boring way.
SSH-Only API Is a Feature, Not a Limitation
This is the part that trips people up.
rsync.net doesn’t have a REST API. They don’t have a web console. You can’t click a button to restore your data through a browser. Your backup tool can’t make HTTP requests to rsync.net.
Honestly? That’s the best thing about them.
Everything you back up flows over SSH. Everything you restore flows over SSH. SSH is cryptographically signed. Your SSH keypair lives on your backup machine, not in some cloud provider’s “secure enclave.” There’s no token to expire. There’s no OAuth flow that confuses you. There’s no leaking “share link” that somebody finds.
When you back up to rsync.net, your data is encrypted client-side (more on that in a minute), SSH-tunneled to their datacenter, and lands in a ZFS pool where it’s automatically checksummed to hell. If a bit flips, ZFS knows immediately. If someone on their network tries to read your files, they need your SSH key. Full stop.
Compare that to Backblaze B2 (REST API over HTTPS, tokens stored by your backup tool, egress charges) or Wasabi (S3-compatible REST API with the same token mess). You’re trading HTTP convenience for SSH security, and for off-site backup, that’s a trade worth making.
Plus, anything that speaks SFTP, SCP, or rsync can talk to rsync.net. That’s most of the Unix ecosystem. Restic does SFTP. Borg does SFTP. Plain rsync works. If you’re paranoid and want to write your own backup script in POSIX shell, rsync.net doesn’t care.
Client-Side Encryption: Restic or Borg
Here’s the thing: rsync.net itself doesn’t encrypt your data. ZFS can, but by default it doesn’t. That means their staff (or a legal order, or a datacenter-access incident) could theoretically read your files.
That’s fine, because Restic and Borg handle that for you.
Restic is simpler to reason about. You point it at an SFTP location, give it a password, and every backup is encrypted and deduplicated on your machine before it leaves your network. Restic uses AES-256-CTR under the hood. A password secures the repo. No private keys to manage. You can restore from anywhere with the password.
Borg is weirder but more powerful. Borg uses a “passphrase-derived” key instead of a stored key — your passphrase is salted and iterated (like a password manager) to derive the actual encryption key. You can add secondary keys, rotate them without re-encrypting the entire repo, and Borg handles deduplication across repositories. It’s overkill for most home labs, but if you’ve got multiple machines backing up the same dataset, Borg’s deduplication across repos saves you disk space (and money).
Here’s a Restic config:
#!/bin/bash# Restic backup to rsync.net via SFTP
export RESTIC_PASSWORD="$(cat /etc/restic/password.txt)"
# First run: init the repo# restic init
# Daily backuprestic backup \ --exclude-file=/etc/restic/excludes.txt \ /home /var/www /etc
# Retention: keep 30 daily, 12 monthly, 2 yearlyrestic forget \ --keep-daily 30 \ --keep-monthly 12 \ --keep-yearly 2 \ --pruneThat’s it. Restic handles encryption transparently. Your data lands at rsync.net encrypted, and only you (with the password) can read it.
Borg looks similar but the setup is slightly different:
#!/bin/bash# Borg backup to rsync.net via SFTP
export BORG_PASSPHRASE="$(cat /etc/borg/passphrase.txt)"
# First run: init the repo with repokey encryption# borg init --encryption=repokey-blake2
# Daily backupborg create \ --progress \ --stats \ --compression lz4 \ ::'{hostname}-{now}' \ /home /var/www /etc
# Retention: 30 days, 12 months, 2 yearsborg prune \ --keep-daily 30 \ --keep-monthly 12 \ --keep-yearly 2 \ --progressThe core difference: Borg compresses by default, Restic doesn’t (Restic assumes compressed files don’t compress well, which is fair). Borg names snapshots with :: separators and supports mounting snapshots as FUSE filesystems. Restic has better restore UX and doesn’t require a FUSE mount.
Pick Restic if you want simplicity. Pick Borg if you want to show off.
Snapshots on Their Side (Bonus Retention)
Here’s where rsync.net gets interesting: they snapshot your entire filesystem automatically.
You don’t pay for these. You don’t have to trigger them. rsync.net runs hourly snapshots and keeps them for a week by default, daily snapshots for a month, and weekly snapshots for a year. You can tweak the policy per account, but the default is solid.
This is a layer of protection on top of Restic or Borg’s retention. If a ransomware incident or human error wipes your backup (the backup tool deletes old snapshots because you set the retention wrong, etc.), rsync.net’s snapshots are still there. You can ask their support team to roll back a directory to a specific point in time, and they’ll restore it to your filesystem.
This only works if you’re not encrypting at the rsync.net level. With client-side encryption (Restic/Borg), rsync.net’s snapshots just snapshot the encrypted blobs, which is fine — you’ve still got historical versions of encrypted data if your backup tool breaks.
Restore Drill: Make Sure It Actually Works
Here’s the thing about off-site backups: if you’ve never restored from it, you haven’t actually tested it. This is not theoretical. Multiple times a year, somebody discovers their “backups” have been corrupted the whole time. Or the backup tool has a bug. Or the encryption password doesn’t work.
Do a restore drill every quarter.
With Restic:
export RESTIC_PASSWORD="$(cat /etc/restic/password.txt)"
# List available snapshotsrestic snapshots
# Restore a specific filerestic restore <snapshot-id> --target /tmp/restore -- /home/user/critical-file.txt
# Verify itls -la /tmp/restore/home/user/critical-file.txtWith Borg:
export BORG_PASSPHRASE="$(cat /etc/borg/passphrase.txt)"
# List snapshotsborg list
# Mount a snapshot and poke aroundmkdir -p /mnt/borg-restoreborg mount ::latest /mnt/borg-restorels -la /mnt/borg-restore/
# Clean upfusermount -u /mnt/borg-restoreThe point isn’t to do a full restore (that takes forever). The point is to verify that:
- You can authenticate to rsync.net
- The backup data is there
- The encryption key/password is correct
- You can list snapshots and extract files
If any of that fails, your off-site backup is security theatre. Fix it immediately.
When Cheaper Plans Don’t Cut It
Let’s be honest: rsync.net at $5/TB is not the cheapest option if you’re willing to compromise.
Backblaze B2 is often cheaper per TB ($0.006/GB = $6/TB for storage), but you pay $0.10/GB on egress. For a 2TB restore, that’s $200. If you never restore, B2 is cheaper. If you restore once a year, rsync.net wins.
Wasabi advertises “free egress,” but it’s free for 180 days. After that, you pay $0.04/GB. Same trap, just on a longer timer.
Rclone + S3 (any provider) is cheaper if you’re buying from Backblaze, DigitalOcean Spaces, or Linode. But you’re back to REST APIs, token management, and egress fees.
Storj is cheap because they’re decentralized (you’re funding node operators worldwide). But Storj’s model depends on nodes staying online. When a node drops, your data is re-replicated to new nodes. It works, but you’re trusting a distributed incentive structure that’s 7 years old.
Local NAS + off-site replication (Synology, TrueNAS with Replication over SSH) is cheaper if you’ve already got a second box somewhere. But you’re managing two systems, and if that second location is compromised, so is your backup.
rsync.net wins if:
- You want transparent geographic redundancy (Swiss datacenter mirrors New York automatically)
- You’ll actually restore from backup (no egress surprises)
- You don’t want to manage snapshots or retention policies yourself (rsync.net handles it)
- You sleep better when your backup target is just “Unix” (no SaaS layer)
rsync.net is overkill if:
- You’ve got unlimited S3 credits (AWS customers)
- You’re backing up a laptop and never restore
- Your data is less than 100GB (fixed costs start mattering at scale)
rsync.net is underkill if:
- You need object storage durability SLAs (rsync.net doesn’t publish a 99.9999999% guarantee in writing)
- You need to share encrypted backups with other users (Restic/Borg repos are single-user)
- You need to restore to different regions (you’re locked to where you bought the account)
Key Management: One Less Thing
Okay, back to the SSH key thing.
Your backup machine needs an SSH keypair to talk to rsync.net. That keypair lives in /root/.ssh/ or /home/backup/.ssh/ — somewhere on your machine that the backup service can read. If that machine is compromised, your SSH key is compromised. If your SSH key is compromised, someone can access your off-site backup.
That’s not specific to rsync.net. That’s specific to SSH-based backups.
You can mitigate it:
- Use an SSH key with a passphrase, and a systemd service that unlocks it at boot via a secure mechanism (ssh-agent with a socket, UNIX permissions 0600)
- Use an SSH key with restricted permissions on the rsync.net side: force a specific command, force a specific IP, disable port forwarding, disable agent forwarding
- Use separate SSH keys for different machines (if your web server is compromised, the attacker doesn’t automatically get access to your database backup)
- Audit rsync.net’s authorized_keys file regularly (they provide SSH access to edit it)
None of this is rocket science. This is the same key management you’d use for any SSH-based deploy, database backup, or remote data sync.
When rsync.net Is Worth $5/Month
If you’ve got data you’d lose sleep over losing — a home lab with 10+ years of photos, a server with customer data, a dataset you spent months building — rsync.net earns its keep:
- Transparent redundancy: You pay one price, data lives in two geographies automatically
- No egress fees: You can restore 2TB without a $200 bill ambushing you
- Simple retention: rsync.net handles hourly/daily/weekly snapshots; your backup tool handles encryption and dedup
- No vendor lock-in: SFTP works everywhere. Tomorrow you can move to Wasabi, B2, or another SFTP server with zero changes to Restic/Borg
- Honest pricing: You know exactly what you’re paying and why. No surprises.
- Actually boring: After 25 years in business, they’re not going anywhere, not getting bought, not pivoting to AI backups or whatever VC fashion comes next
Off-site backup is not where you cheap out. It’s where you spend money once so you never have to spend money again (because your data didn’t burn down).
rsync.net costs $5/month per TB. For most home labs, that’s $25–$50. That’s what you spend on coffee in a month. It’s worth it not to sweat the overnight fire, the ransomware, or the RAID controller that decides to yeet itself into the void at 3 AM.
Set it up, run a quarterly restore drill, and stop thinking about it.
