[gentoo-user] [OT] Secure remote backup

[gentoo-user] [OT] Secure remote backup

[Dan Johansson]

[-- Attachment #1: Type: text/plain, Size: 524 bytes --]

Me and a friend are looking into the possibility to do 
cross-site-remote-backups (I'm backing up my data to a directory in his box 
and he on mine). We want the connection and remote-storage to encrypted and 
we do not want to open too many ports in our firewalls. Any suggestions on  
how this could be accomplished?
-- 
Dan Johansson, <http://www.dmj.nu>
***************************************************
This message is printed on 100% recycled electrons!
***************************************************

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] [OT] Secure remote backup

[Etaoin Shrdlu]

On Saturday 4 November 2006 13:56, Dan Johansson wrote:

> Me and a friend are looking into the possibility to do
> cross-site-remote-backups (I'm backing up my data to a directory in
> his box and he on mine). We want the connection and remote-storage to
> encrypted and we do not want to open too many ports in our firewalls.
> Any suggestions on how this could be accomplished?

Backuppc (it's in portage) uses rsync over ssh, so you only need to open 
a single port in the firewall. Optionally, backuppc offers an http 
interface to monitor its status, so maybe you'll want to open port 80 as 
well.
Use an encrypted filesystem to store backups, and you should be done.

Note: the above setup probably needs some work if you want full 
automation.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] [OT] Secure remote backup

[Daniel Iliev]

Dan Johansson wrote:
> Me and a friend are looking into the possibility to do 
> cross-site-remote-backups (I'm backing up my data to a directory in his box 
> and he on mine). We want the connection and remote-storage to encrypted and 
> we do not want to open too many ports in our firewalls. Any suggestions on  
> how this could be accomplished?
>   

I use ssh with no-password login + scp. Here is a small article on how
to achieve this functionality:
http://ariadne.mse.uiuc.edu/Cluster/ssh_log_through.html

HTH

-- 
Best regards,
Daniel


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] [OT] Secure remote backup

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 686 bytes --]

On Sat, 4 Nov 2006 13:56:04 +0100, Dan Johansson wrote:

> Me and a friend are looking into the possibility to do 
> cross-site-remote-backups (I'm backing up my data to a directory in his
> box and he on mine). We want the connection and remote-storage to
> encrypted and we do not want to open too many ports in our firewalls.
> Any suggestions on how this could be accomplished?

I use a combination of sshfs and encfs to keep my backups encrypted at
Strongspace. You can use this with any online backup or web hosting
services as long as they allow ssh file transfers (you don't need ssh
login).


-- 
Neil Bothwick

WinErr 012: Window closed - Do not look inside

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] [OT] Secure remote backup

[Dan Johansson]

[-- Attachment #1: Type: text/plain, Size: 1018 bytes --]

On Saturday 04 November 2006 17:19, Neil Bothwick wrote:
> On Sat, 4 Nov 2006 13:56:04 +0100, Dan Johansson wrote:
> > Me and a friend are looking into the possibility to do
> > cross-site-remote-backups (I'm backing up my data to a directory in his
> > box and he on mine). We want the connection and remote-storage to
> > encrypted and we do not want to open too many ports in our firewalls.
> > Any suggestions on how this could be accomplished?
>
> I use a combination of sshfs and encfs to keep my backups encrypted at
> Strongspace. You can use this with any online backup or web hosting
> services as long as they allow ssh file transfers (you don't need ssh
> login).

This sounds like an interesting approach, would you mind sharing some more 
details about your setup/configuration?

Tanks,
-- 
Dan Johansson, <http://www.dmj.nu>
***************************************************
This message is printed on 100% recycled electrons!
***************************************************

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] [OT] Secure remote backup

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 1637 bytes --]

On Sun, 5 Nov 2006 11:40:46 +0100, Dan Johansson wrote:

> > I use a combination of sshfs and encfs to keep my backups encrypted at
> > Strongspace. You can use this with any online backup or web hosting
> > services as long as they allow ssh file transfers (you don't need ssh
> > login).  
> 
> This sounds like an interesting approach, would you mind sharing some
> more details about your setup/configuration?

Initially I tried mounting the remote directory using sshfs and then
creating an encfs mount on it. however, this ran exceptionally slowly so
I tool a different approach.

I creating a local encfs mount with
encfs /path/to/data-enc /path/to/data-plain

Then used rsync to backup the required directories to /path/to/data-plain
which left encrypted versions of them in /path/to/data-enc. Then I simply
used rsync to sync the encrypted directory to the remote backup server.
Each backup run now consists of

encfs /path/to/data-enc /path/to/data-plain
rsync /src/dir /path/to/data-plain
rsync -a /path/to/data-enc/ user@backup-server:/backups/
fusermount -u /path/to/data-plain

This is done via cron each night.

I can access individual files from the encrypted backup with

sshfs -o idmap=user user@backup-server:/backups /path/to/data-enc
encfs user@backup-server:/backups /path/to/data-plain

I also needed to put my SSH public key in .ssh/authorized_keys to avoid
giving passwords every time the backup ran.

The sshfs and encfs documentation is quite good, but feel free to ask if
you need any more info.


-- 
Neil Bothwick

Check three friends. If they're OK, you're it.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] [OT] Secure remote backup

[Dirk Heinrichs]

[-- Attachment #1: Type: text/plain, Size: 903 bytes --]

Am Samstag, 4. November 2006 13:56 schrieb ext Dan Johansson:

> Me and a friend are looking into the possibility to do
> cross-site-remote-backups (I'm backing up my data to a directory in his
> box and he on mine). We want the connection and remote-storage to
> encrypted and we do not want to open too many ports in our firewalls. Any
> suggestions on how this could be accomplished?

Others have already pointed you to sshfs+encfs. Another possibility would be 
to use encrypted network block devices (dm-crypt with LUKS on top of NBD).

Bye...

	Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Hambornerstraße 55      | Web:  http://www.capgemini.com
D-40472 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] [OT] Secure remote backup

[Steve [Gentoo]]

Dan Johansson wrote:
> cross-site-remote-backups 
Erm, "Me too..."

My first attempt centred on Duplicity - which, on the surface, seemed to
be exactly what I wanted... but, unfortunately, it is unusably buggy...
and is no longer in avtive development.

My second (in-progress) attempt is with BoxBackup - which seems far more
robust... and promises the benefits of a 'continuous' backup - which I
now consider significant.  The BoxBackup distribution instills a greater
sense of confidence - but documentation remains thin... and I'm
wrestling with configuring the backup daemon on a remote server (for
which I do not have root access...)

I'd be interested to hear other annecdotes about BoxBackup - is anyone
here using it and happy with their setup?  Is there a good HowTo anywhere?



-- 
gentoo-user@gentoo.org mailing list