Push means: if your Server gets compromised, your backup is, too.
So I prefer pull. To not have the same effect I use a restricted ssh account that can only call rrsync.
this post was submitted on 18 May 2026
10 points (100.0% liked)
Selfhosted
59296 readers
183 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
-
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
I don't trust my VPS with access to my backup box, so I pull.
I do push only, as I'm using cloud-based object storage, so I know the destination is online 24/7. I do encrypt them before uploading, so couldn't care less about privacy or security. Only availability, but if one uses multiple different cheap storage providers and replicates the backups, it doesn't matter either.
It's also easier and more secure to automate push if you don't fully own the destination.
both: pull for servers that are on 24/7. push for laptops (for example at login time, or other)
Same here.
Pulling doesn't work if you don't know when a system will be online, so it only makes sense for my laptop to push.
Yes and no. Basically you're right. However, I use backuppc and it tries every hour. So (for me) it works with pulling laptop's too. Once they are on, it's usually more than half an hour (statistically enough).
Note: much is synced with syncthing to a central node. That data is backupped from there. So it's only laptop specific stuff that's pulled, missing a cycle isn't that critical to me.
I do both.
I push from all my machines to my local backup server and in the middle of the night my remote backup server (in another location) pulls a copy from the local backup server. I don't think push vs pull really matters though.
You have many options to choose from…
- rsync over ssh+key, maybe pull from the central backup host is better
- Borgbackup, restic and alike, so push
- Syncthing, push or pull I can’t say for sure