From owner-freebsd-stable@FreeBSD.ORG Tue Jan 15 12:02:19 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B909A16A420 for ; Tue, 15 Jan 2008 12:02:19 +0000 (UTC) (envelope-from vlado@botka.homeunix.org) Received: from smtp-out3.iol.cz (smtp-out3.iol.cz [194.228.2.91]) by mx1.freebsd.org (Postfix) with ESMTP id 574CE13C46A for ; Tue, 15 Jan 2008 12:02:18 +0000 (UTC) (envelope-from vlado@botka.homeunix.org) Received: from antivir5.iol.cz (unknown [192.168.30.212]) by smtp-out3.iol.cz (Postfix) with ESMTP id AF75F196832 for ; Tue, 15 Jan 2008 12:40:11 +0100 (CET) Received: from localhost (antivir5.iol.cz [127.0.0.1]) by antivir5.iol.cz (Postfix) with ESMTP id 5C9F066C034 for ; Tue, 15 Jan 2008 12:40:11 +0100 (CET) X-Virus-Scanned: amavisd-new at iol.cz Received: from antivir5.iol.cz ([127.0.0.1]) by localhost (antivir5.iol.cz [127.0.0.1]) (amavisd-new, port 10224) with LMTP id iDMzIIXbOj42 for ; Tue, 15 Jan 2008 12:40:11 +0100 (CET) Received: from smtp-out3.iol.cz (mta-out3 [192.168.30.28]) by antivir5.iol.cz (Postfix) with ESMTP id 07CDB66C03D for ; Tue, 15 Jan 2008 12:40:11 +0100 (CET) Received: from ace.botka.homeunix.org (3.77.broadband2.iol.cz [83.208.77.3]) by smtp-out3.iol.cz (Postfix) with ESMTP id EE9DE57DFE for ; Tue, 15 Jan 2008 12:40:08 +0100 (CET) Received: by ace.botka.homeunix.org (Postfix, from userid 1001) id 432E7175; Tue, 15 Jan 2008 12:40:08 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on ace.botka.homeunix.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.1.8 Received: from srv.g1.netng.org (ac.botka.homeunix.org [192.168.1.5]) by ace.botka.homeunix.org (Postfix) with ESMTP id 7B102170 for ; Tue, 15 Jan 2008 12:40:04 +0100 (CET) Received: from srv (srv [10.1.0.10]) by srv.g1.netng.org (Postfix) with ESMTP id 2F8CA33E20 for ; Tue, 15 Jan 2008 12:40:03 +0100 (CET) Date: Tue, 15 Jan 2008 12:40:02 +0100 From: Vladimir Botka To: freebsd-stable@freebsd.org Message-ID: <20080115124002.06d14cfc@srv> In-Reply-To: References: X-Mailer: Claws Mail 3.0.2 (GTK+ 2.12.1; i386-portbld-freebsd6.2) Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: Backup solution suggestions X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2008 12:02:19 -0000 Dne Tue, 15 Jan 2008 10:52:56 +0100 Johan Str=C3=B6m napsal(a): > Hello >=20 > I'm looking to invest in some new hardware for backup. probably some =20 > kind of NAS (a 4-disk 1U NAS or something in that size). The thing > is that I won't be the only one with access to this box, thus I > would like to secure my data. > What I would like is encryption both for the transfer to the box, > and encrypted on disk. The data on disk should not be readable by > anyone but me (ie the other user(s) of the box should not be able to > read it, at least not without a big effort). >=20 > So, I'm wondering what the best solution might be.. Tar'balling all =20 > my stuff and encrypt it with GPG or something and just dump it there =20 > with NFS would be the easiest solution, but maybe not the best. I've =20 > been thinking about running a GELI image on my box, and store that > on the NAS over NFS.. would that be doable/secure/stable? > Another idea would be to go with some regular 1U box running some =20 > FBSD, doing scp to the box and geli local on the box but that would =20 > require me to have the encryption keys on that box (which would be =20 > shared so thus no good idea). >=20 > Any other ideas? Being able to rsync to the backup storage instead > of just sending big encrypted tarballs would be very nice (and I > guess that would be possible with geli version) >=20 > Maybe not the perfect list for this, but it is somewhat freebsd =20 > specific and I'm sure some other ppl on the list have had simliar =20 > situations :) >=20 > -- > Johan Str=C3=B6m > Stromnet > johan@stromnet.se > http://www.stromnet.se/ >=20 Hello, As of the encryption on the transfer I use security/sfs to mount remote directory for backup and then rsync in the local. -vlado Vladimir Botka