Encrypted backup?

[Martiz]

Hi

I'm currently thinking about building a FreeNAS box using a HP micro server.

And maybe a friend would like to do the same.

Now a question came up:
Is there a way we can both reserve half of the space for "the other guy", so that we both can have offsite backups?

The backup itself should work using ZFS snapshots pushed over an SSH connexion, i guess.

But is there a way to have his backup encrypted so that I cannot decipher it and vice versa?

 

[paleoN]

Is there a way we can both reserve half of the space for "the other guy", so that we both can have offsite backups?

Quotas. This would mean you both need twice as much space.

The backup itself should work using ZFS snapshots pushed over an SSH connexion, i guess.

Yes, SSH or VPN or ...

But is there a way to have his backup encrypted so that I cannot decipher it and vice versa?

Encrypt everything before sending it.

 

[Martiz]

Encrypt everything before sending it.

Is that something I can configure in the graphical GUI?

I'm aware that I can use GELI encryption, but I think I know the key of the encrypted file system if I do that. Am I mistaken and there is a way to accept incoming transmission of an encrypted file system where i do not know the key?

 

[Phantom]

I have a similar situation and I am needing this exact solution as well. At the moment, my only solution is to use a 3rd party server/workstation with some other 3rd party encryption software to first encrypt the data, then move it to a separate mount point on the server and simply backup just that one mount point. My problem is, aside from taking more resources and being more complicated, I'm pretty sure this will increase the size of the backups and not allow the incremental backups. I'm still researching a good solution and will let you know if i find one, if anyone else has any ideas please share them.

 

[klayman]

Hi,

any news on this topic? I'm also looking into backing up my system to an online storage provider. However, I don't want to rely on the service provider handling encryption (who knows where the keys are going). So how does rsync work, is it transferring files or (encrypted?) filesystem "blocks"? In case of the former, is there any file based encryption available?

Thanks,
Klayman

 

[cyberjock]

I understand what you are saying. About the only way I know of to ensure you and only you have access to your data would be to do something like a TrueCrypt container file, then upload that to your backup provider.

There's no easy way that I know of to do some kind of automated backup with applicable encryption.

 

[fracai]

I'm backing up to rsync.net with duply (wrapper for duplicity). Everything is encrypted with my own GPG key. This should be cake to setup in a jail and I bet the duply/duplicity scripts could be made to run under the main system as well.

 

[cyberjock]

I'm backing up to rsync.net with duply (wrapper for duplicity). Everything is encrypted with my own GPG key. This should be cake to setup in a jail and I bet the duply/duplicity scripts could be made to run under the main system as well.

Can you provide more info on this? I'm curious how this all works out. I'm not sure how that's supposed to be encrypted when rsync relies on a source and destination to be capable of reading their own files...

 

[fracai]

http://duplicity.nongnu.org/

Duplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.

http://duply.net/
Duply just makes things easier to configure.

rsync.net offered a discount to FreeNAS users a few weeks ago, it may still be valid. I've found them to be very helpful.

http://forums.freenas.org/threads/d...-offer-from-rsync-net-to-freenas-users.15613/

 

[cyberjock]

So you use duplicity to create the encrypted tars, then rsync to upload them from your server to rsync.net?

 

[fracai]

Easier than that. I type "duply important backup" and it runs the backup task to backup my "important" files. I have another set of notes that I backup with "duply notes backup". Each task does the tar, encryption, and rsync upload from that one command. I haven't investigated, but I think that's why I'm using duply instead of just duplicity. I think duplicity would require more steps for the initial configuration and usage. At least, that's what the duply page and a few others imply.

 

[pmb]

Do you run duply/duplicity in jails? I'm about to use it to make backups to local disk.

 

[fracai]

I actually haven't run it from a jail (only OS X), but it's in the ports tree so it should be quick enough to get going. If you have any trouble or questions I can install it in a jail; I've been meaning to.