Home Linux AdministrationThings to Back Up Before Reinstalling Linux: The Complete Checklist (2026)

Things to Back Up Before Reinstalling Linux: The Complete Checklist (2026)

By sk
17 views 18 mins read

Quick Summary

  • Before reinstalling Linux, you should back up more than just your Documents folder.
  • Back up your personal files, browser profiles, SSH/GPG keys, dotfiles, app-specific data, installed package lists (including Flatpak/Snap), system-level config, network settings, and scheduled tasks etc.
  • Most importantly, back up your 2FA recovery codes, since that's the one category you can't get back by reinstalling anything.

Introduction

Most people back up the obvious stuff, such as Documents, Pictures, and Downloads etc. And then they reinstall their Linux system and realize their terminal doesn't feel like theirs anymore. SSH keys are gone. Shell aliases are gone. Every app setting is back to factory default.

That's because "data" on Linux isn't just files in your home folder. It includes:

  • Identity: SSH keys, GPG keys, browser logins, 2FA/recovery codes
  • Configuration: Dotfiles, environment variables, scheduled tasks
  • System state: The exact list of packages you installed, plus any system-level customization
  • App memory: Settings inside individual applications, not just their data files

This guide walks through each category, in order of how easy it is to forget, and gives you two ways to execute it:

  1. A fast, one-liner command for most desktop users,
  2. And a fully itemized checklist if your setup is more customized or you want to understand exactly what you're copying and why.

Disclaimer: This is my own personal pre-reinstall routine, written down so others can follow it. It is not an exhaustive checklist for every possible setup. If you use something this guide doesn't cover (a password manager vault, Docker volumes, a VPN client, game libraries), you must back that up too.

The same two questions apply to anything not listed here: where does its data live, and does it need an export tool instead of a plain copy?

Quick Start: Back Up Your Whole Home Directory in One Command

If your system isn't heavily customized, this single rsync command captures almost everything in Sections 1–5 below in one pass, including dotfiles, browser profiles, SSH keys, and app settings, since they all live somewhere under $HOME.

First, connect your external drive and mount your backup destination:

mkdir -p /mnt/backup
sudo mount /dev/sdb1 /mnt/backup # replace /dev/sdb1 with your backup drive

Not sure which device is your backup drive? List all drives and partitions:

lsblk -f

Then copy your entire home directory, preserving permissions, ACLs, extended attributes, and hard links:

rsync -aAXHv \
--exclude='.cache' \
/home/$USER/ \
/mnt/backup/home/
  • -a: archive mode (permissions, timestamps, symlinks)
  • -A: preserve ACLs
  • -X: preserve extended attributes
  • -H: preserve hard links
  • -v: verbose output
  • --exclude='.cache': skips cache data that will just be regenerated; omit this flag if you want a byte-for-byte copy instead

This one command handles files, dotfiles, browser data, and SSH keys all at once. Please note that it does not cover installed packages, GPG keyrings (which need proper export, not a raw copy - see Section 4), databases, or anything living outside your home directory.

Keep reading for those, and for the reasoning behind each category if you want to understand why something needs special handling rather than a plain copy.


Related Read:


1. Personal Files and Documents

The obvious stuff, but with two traps people fall into.

Trap 1: You only back up ~/Documents, ~/Pictures, ~/Downloads. That misses anything saved outside the standard folders, for example, a script in ~/projects, a VM disk image, or files on a second internal drive that isn't your /home partition.

Trap 2: You forget hidden application data lives in your home folder too. Per the freedesktop.org XDG Base Directory spec, user-specific data files default to $HOME/.local/share, and config files default to $HOME/.config. Game saves, some app databases, and Flatpak/Snap user data typically live here - invisible if you only copy "Documents."

LocationWhat's typically there
~/Documents, ~/Pictures, ~/Videos, ~/MusicObvious user files
~/DownloadsEasy to forget, often has installers/configs you'll want again
~/.local/shareApp data, game saves, some databases
~/.configApp settings (see Section 3, Dotfiles)
Any custom folders outside $HOMESecond drives, mounted partitions, symlinked storage

Find large, non-obvious folders fast using command:

du -h --max-depth=1 ~ | sort -rh | head -20

2. Browser Data (Bookmarks, Saved Passwords, Profiles)

Your browser is more than bookmarks. Saved passwords, autofill, extensions, open tabs, and login sessions all live in a local profile folder that a reinstall wipes if you're not synced.

Firefox:

  • If you installed Firefox before version 147 (released January 2026), your profile is at ~/.mozilla/firefox/ and stays there even after upgrading. Firefox does not auto-migrate existing profiles.
  • Fresh installs (no pre-existing ~/.mozilla) default to the new XDG layout: config in ~/.config/mozilla, cache in ~/.cache/mozilla, data in ~/.local/share/mozilla.
  • Check about:support in-browser for your exact profile and cache paths rather than guessing.

Chrome / Chromium:

  • Stored at ~/.config/google-chrome/ (Chrome) or ~/.config/chromium/ (Chromium)
  • Active profile is a subfolder - Default, Profile 1, etc.
  • chrome://version shows the exact "Profile Path."

Before backing up:

  • Signed into browser sync? Bookmarks, passwords, and tabs restore automatically. You may not need the profile folder at all.
  • Not synced? Close the browser fully, then copy the entire profile folder.
  • Passwords outside sync are often encrypted via OS-level tools (GNOME Keyring, KDE Wallet). So copying just the profile folder may not carry over decryption.

3. SSH Keys and GPG Keys

The two most commonly forgotten backups and the two most painful to lose.

SSH keys: ~/.ssh/

By default, ssh-keygen writes to ~/.ssh/id_rsa (or id_ed25519) plus:

  • ~/.ssh/config: per-host shortcuts
  • ~/.ssh/known_hosts: server fingerprints
  • ~/.ssh/authorized_keys: if this machine accepts incoming SSH

Copy the entire ~/.ssh folder. There's no "recovery" for a lost private key. You'd need to generate a new one and manually re-authorize it everywhere the old one was trusted.

SSH is strict about permissions. After restoring, run:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa ~/.ssh/authorized_keys ~/.ssh/config

Note: if this machine also runs an SSH server accepting incoming connections, its host keys live separately at /etc/ssh/ - see Section 7 (System-Level Configuration) below. That's a different thing from your personal ~/.ssh keys used to connect out to other machines.

GPG keys: ~/.gnupg/

Copying this folder directly is not reliable. Since GnuPG 2.1, secret keys are stored as individual files rather than the old single secring.gpg. A raw copy can look fine but silently fail to decrypt or sign. Export explicitly instead:

gpg --export --export-options backup --output public.gpg
gpg --export-secret-keys --export-options backup --output private.gpg
gpg --export-ownertrust --output trust.txt

All three exports matter. The ownertrust file prevents "unknown trust" warnings on every operation after restoring. Also back up your revocation certificate from ~/.gnupg/openpgp-revocs.d/. It's the only way to invalidate a lost key, so keep it as private as the key itself.

4. Dotfiles and Shell Config

Dotfiles make a system feel like yours. Skip these and your shell, editor, and Git identity reset to factory defaults.

FileWhat it configures
.bashrc / .zshrcShell aliases, functions, prompt, PATH
.bash_profile / .profileLogin-shell environment setup
.gitconfigGit username, email, aliases
.vimrc / .config/nvim/Vim/Neovim settings
.tmux.confTerminal multiplexer config
.config/ (broad)Most modern GUI and CLI apps store settings here

Run ls -la ~ to see everything actually present in your home folder.

Don't blindly back up secrets along with dotfiles. .bashrc/.zshrc files often accumulate API tokens in export lines over time. If you push dotfiles to a public GitHub repo, check for anything sensitive first.

For a repeatable setup long-term, tools like chezmoi or yadm (or a bare Git repo) turn future reinstalls into a git clone.

5. Application-Specific Data

Some apps need their own callout because losing their data means losing something you can't easily recreate. Thunderbird and VS Code are used here as representative examples. The same two questions apply to any app: where does its config live, and does it need an export tool instead of a file copy?

1. Thunderbird (email, contacts, calendar):

  • Profile at ~/.thunderbird/, but Snap/Flatpak installs use a different path (e.g. ~/snap/thunderbird/common/.thunderbird/). Check Help → More Troubleshooting Information → Profile Directory for the exact path.
  • Close Thunderbird before copying.
  • IMAP accounts mainly need settings, not mail (it re-downloads). POP or local-only folders mean the mail only exists in this profile.

2. VS Code (or any editor with extensions):

Settings at ~/.config/Code/User/settings.json and keybindings.json

Export your extension list as a reinstall script:

code --list-extensions > extensions.txt

Reinstall with:

cat extensions.txt | xargs -L 1 code --install-extension

3. Local databases (MySQL/MariaDB, PostgreSQL):

Don't copy the raw data directory. It's version- and config-dependent. Use each database's own dump tool:

mysqldump -u <username> -p <database_name> > backup.sql
# Or for every database on the system:
mysqldump --all-databases > all.sql
pg_dump -U <username> <database_name> > backup.sql
# Or for every database on the system:
pg_dumpall > postgres.sql

6. Installed Package List

Invisible, and the most commonly forgotten category. There's no folder called "my installed software" to notice missing.

Debian / Ubuntu / Linux Mint / Pop!_OS:

apt-mark showmanual > packages.txt

You can reinstall later using command:

sudo xargs apt install -y < packages.txt

Fedora / RHEL / AlmaLinux / Rocky Linux:

dnf repoquery --userinstalled > packages.txt

Reinstall with command:

sudo dnf install $(cat packages.txt)

Arch Linux:

pacman -Qqe > packages.txt

Reinstall:

sudo pacman -S --needed $(cat packages.txt)

All three export only what you explicitly installed, not auto-pulled dependencies - keeping the reinstall clean.

Flatpak (increasingly the default install method for apps like Spotify, OBS, GIMP regardless of your base distro):

flatpak list --app --columns=application > flatpak-apps.txt
flatpak remotes --columns=name,url > flatpak-remotes.txt

You need both files. The remotes file tells Flatpak where to fetch each app from. Reinstall:

while read -r name url; do flatpak remote-add --if-not-exists "$name" "$url"; done < flatpak-remotes.txt
flatpak install $(cat flatpak-apps.txt)

Flatpak app data (saves, settings) lives separately in ~/.var/app/. Back that up like any other folder if it matters to you.

Snap (Ubuntu's default app format):

snap list > snap-list.txt

Reinstall each with sudo snap install <name>. Snap has no native bulk-install-from-file command, unlike apt/pacman.

7. System-Level Configuration (If You've Customized It)

Everything above lives under your home directory. This section covers the parts of the system outside $HOME. It is relevant if you've customized system behavior rather than just your personal environment. Skip this section entirely if you've never touched these files; a fresh install recreates sensible defaults automatically.

Core system files, if you've edited them (custom mount points, hostname, network aliases):

sudo mkdir -p /mnt/backup/etc
sudo cp -a /etc/fstab /etc/hosts /etc/default /mnt/backup/etc/

SSH server configuration (if this machine accepts incoming SSH connections. Please note that it is different from your personal ~/.ssh client keys in Section 3):

sudo cp -a /etc/ssh /mnt/backup/etc/

Custom systemd units, if you've written your own services (beyond the user timers already covered in your dotfiles):

sudo cp -a /etc/systemd /mnt/backup/etc/

Bootloader configuration, only if you've customized GRUB (custom kernel parameters, boot order, themes):

sudo cp -a /etc/default/grub /mnt/backup/

Custom scripts outside your home directory:

sudo cp -a /usr/local /mnt/backup/
# or, if you keep scripts inside your home folder instead:
cp -a ~/bin /mnt/backup/

Disk layout - worth saving if you have a non-trivial partition setup, so you can recreate it identically rather than guessing from memory during reinstall:

lsblk -f > /mnt/backup/lsblk.txt
sudo fdisk -l > /mnt/backup/fdisk.txt

Enabled services - useful if you've enabled specific systemd services manually and want a reference for what to re-enable:

systemctl list-unit-files --state=enabled > /mnt/backup/enabled-services.txt

8. Network Settings (If Customized)

Skip this section if you've never manually touched network configuration, a fresh install with DHCP just works. Worth backing up if you've set anything manually.

Wi-Fi passwords and saved connections: stored by NetworkManager (the default on most desktop distros) in plain text at:

sudo cp -a /etc/NetworkManager/system-connections/ /mnt/backup/

These files contain saved Wi-Fi passwords in cleartext under the psk= line. Treat this backup as sensitive, not just a config file.

Static IP configuration: if you use Netplan (Ubuntu and derivatives), your config lives in /etc/netplan/ as one or more .yaml files. The filenames may vary (00-installer-config.yaml, 01-netcfg.yaml, 50-cloud-init.yaml depending on how the system was installed):

sudo cp -a /etc/netplan/ /mnt/backup/

Custom hostname or DNS entries: already covered if you backed up /etc/hosts in Section 7. If you maintain a custom /etc/resolv.conf instead of letting systemd-resolved manage it automatically, back that up too.

VPN configs: if you maintain local VPN client configs (WireGuard, OpenVPN) rather than using a provider's app, back up their config directories, typically /etc/wireguard/ or wherever your specific client stores its profiles.

9. Environment Variables and Scheduled Tasks

Environment variables: if set in .bashrc/.zshrc/.profile, you've already covered them in Section 4. Some live outside shell config, though:

  • ~/.pam_environment or ~/.config/environment.d/*.conf: desktop-environment login variables, independent of any shell
  • /etc/environment: system-wide, applies to all users, easy to forget since it's outside your home folder

Cron jobs: Managed through the crontab command, not a plain file you'd cp:

crontab -l > crontab-backup.txt

Restore using command:

crontab crontab-backup.txt

Scheduled jobs for other users need their own export. crontab -l command only shows the current user's jobs; as root, crontab -u <username> -l retrieves someone else's. System-wide cron files, if customized:

sudo cp -a /etc/cron* /mnt/backup/

systemd timers - cron's modern alternative: many current distros favor these over cron, and they won't show up in crontab -l at all. Your own timers are plain unit files at:

~/.config/systemd/user/

Back this up alongside your dotfiles. Check systemctl --user list-timers to see what's actually active before assuming cron covers everything you've scheduled.

10. License Keys and 2FA/Recovery Codes

The one category that isn't recoverable by re-downloading or reinstalling: proof of ownership and proof of identity.

1. License keys:

Paid software outside an app store or subscription, especially anything tied to a key emailed to you once, years ago. Write it down properly before reinstalling; don't rely on remembering "it's somewhere in my inbox."

2. 2FA and recovery codes:

If your authenticator app (Google Authenticator, Aegis, andOTP) or a local password manager's TOTP store lives only on this machine, reinstalling without backing it up first can lock you out of email, banking, GitHub, and your password manager itself.

Recovery is service-by-service. Some require identity verification that takes days, and some accounts have no recovery path at all.

Before reinstalling:

  • Export your authenticator app's data (most have a built-in backup feature and check before assuming there isn't one)
  • Confirm you've saved recovery/backup codes for important accounts, stored somewhere other than the machine you're about to wipe
  • If unsure whether a 2FA method is cloud-synced or local-only, treat it as local-only until verified

11. Compress and Verify

If you'd rather have a single archive instead of a loose folder:

tar -cvJf backup.tar.xz /mnt/backup

Then confirm the backup actually completed:

du -sh /home/$USER
du -sh /mnt/backup/home

Or do a full comparison:

diff -rq /home/$USER /mnt/backup/home

Full Checklist

#CategoryWhat to do
1License Keys & 2FAConfirm recovery codes are saved somewhere other than this machine. Do this first, not last
2Personal FilesCheck ~/Documents, ~/.local/share, ~/.config, and folders outside $HOME
3Browser DataConfirm sync is on, or copy your Firefox/Chrome profile (verify exact path first)
4SSH & GPG KeysCopy ~/.ssh entirely; export GPG keys properly. Don't just copy ~/.gnupg
5DotfilesCopy .bashrc, .gitconfig, .vimrc, etc. Check for leaked secrets first
6App-Specific DataBack up email client profiles, editor settings, and database dumps (not raw copies)
7Installed PackagesExport with apt-mark, dnf repoquery, or pacman -Qqe — plus Flatpak/Snap lists
8System-Level ConfigOnly if customized: fstab, hosts, SSH server config, GRUB, systemd units, disk layout
9Network SettingsOnly if customized: NetworkManager connections, Netplan, VPN configs
10Env Vars & Scheduled TasksCheck /etc/environment, export crontab -l, back up ~/.config/systemd/user/

Not every row applies to everyone. Just skip what doesn't fit your setup, but treat Row 1 as non-negotiable regardless of how customized your system is. I listed it first here deliberately, even though it appears last in the walkthrough above, since it's the one category worth confirming before you touch anything else.

Graphical Backup Applications

There are several GUI backup tools that make the process much easier, especially if you're new to Linux. Here are the ones I'd recommend:

1. Pika Backup

Pika Backup is being actively developed as part of the GNOME ecosystem. It remains a modern GUI frontend for BorgBackup and is intended for personal data backups, not full system imaging. Features include scheduled backups, encryption, deduplication, local and remote repositories, and file browsing for restores.

Best for:

  • Home directory backups
  • External USB drives
  • NAS or SSH backups
  • Users who want a modern interface

Not for:

  • Full operating system recovery

Status: Actively maintained

GitLab: https://gitlab.gnome.org/World/pika-backup

2. Déjà Dup

Déjà Dup is a simple backup tool. It hides the complexity of backing up the Right Way (encrypted, off-site, and regular) and uses Restic behind the scenes.

Best for:

  • Beginners
  • Scheduled backups
  • External drives
  • Cloud storage
  • Restoring individual files

It remains one of the easiest "set it and forget it" backup applications.

Status: Actively maintained

Website: https://apps.gnome.org/DejaDup/

3. Timeshift

Timeshift is not a personal file backup program. It creates snapshots of your Linux system so you can roll back after:

  • Bad package updates
  • Broken drivers
  • Failed upgrades
  • Configuration mistakes

One caveat is that on some distributions (particularly Fedora's default Btrfs layout), users often prefer alternatives because of differences in Btrfs subvolume layouts. Community discussions frequently recommend tools such as Btrfs Assistant in those cases.

Status: Actively maintained

GitHub: https://github.com/linuxmint/timeshift

4. Rescuezilla

Rescuezilla continues to be regarded as a graphical alternative to Clonezilla.

Use it when you want:

  • An image of the entire disk
  • Operating system + files + bootloader
  • Easy restoration to the same drive or a replacement drive

It is essentially the closest Linux equivalent to tools like Macrium Reflect or the old Norton Ghost.

Status: Actively maintained

GitHub: https://github.com/rescuezilla/rescuezilla

My preference:

PurposeRecommended tool
Personal filesPika Backup
Easiest backup for beginnersDéjà Dup
Recover from broken updatesTimeshift
Entire disk imageRescuezilla
Advanced command-line backupBorgBackup or rsync

My recommendation to a new Linux user:

If someone ask, "I just want to reinstall Linux without losing my stuff," I'd suggest:

  1. Install Pika Backup (or use Déjà Dup if it's already installed).
  2. Back up your entire home directory to an external drive.
  3. Before major system upgrades, create a Timeshift snapshot (or use your distribution's native snapshot mechanism if applicable).
  4. If you're replacing a disk or want a complete fallback, create a Rescuezilla image.

We have reviewed and published more backup tools. Check our Backup Tools category for more details.

Frequently Asked Questions (FAQ)

Q: Do I really need to back up my SSH keys separately if I'm copying my whole home folder?

A: If you use the full-home rsync command, ~/.ssh is already included. The separate section exists for readers doing a selective backup instead of a full-home copy.

Q: Will copying my ~/.gnupg folder work as a GPG backup?

A: Not reliably. Since GnuPG 2.1, secret keys are stored differently, and a raw copy can produce a keyring that looks fine but won't decrypt or sign. Use gpg --export-secret-keys --export-options backup instead.

Q: What happens if I lose my 2FA recovery codes and my authenticator app?

A: Recovery is service-by-service. Some let you verify identity through support (which can take days), and some accounts have no recovery path at all. This is why it's flagged as the highest-priority item to check before reinstalling anything.

Q: Do I need to back up Flatpak and Snap apps separately from regular packages?

A: Yes. apt/dnf/pacman package lists don't include Flatpak or Snap apps. Each needs its own export command. We covered in the Installed Package List section above.

Q: Are there any graphical backup applications to easily back up files?

A: Yes, there are many. Popular tools include Pika Backup, Deja Dup, BorgBackup and Timeshift etc. These are for files and folders backup. If you want to backup entire system, use disk clone tools like Rescuezilla.

Key Takeaways

  • "Data" on Linux means more than files. It includes identity (SSH/GPG/2FA), configuration (dotfiles, env vars), system state (installed packages), and app memory (settings, not just data files).
  • A single rsync of your home directory covers most personal data in one pass, but not installed packages, GPG keyrings, databases, or anything outside $HOME.
  • Firefox changed its default profile location in version 147 (Jan 2026). Check about:support rather than assuming the old ~/.mozilla path.
  • Never copy ~/.gnupg directly. Use gpg --export with the backup option, or your restored keyring may silently fail to decrypt or sign.
  • 2FA recovery codes and license keys are the only genuinely unrecoverable category in this guide. Please confirm these are backed up before anything else.
  • Use appropriate GUI backup applications if you're not comfortable with Linux command line environment.

Recommended Read:

You May Also Like

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More