Date: Tue, 15 Jan 2008 04:44:06 -0800 From: Jeremy Chadwick <koitsu@FreeBSD.org> To: Vladimir Botka <vlado@botka.homeunix.org> Cc: freebsd-stable@freebsd.org Subject: Re: Backup solution suggestions Message-ID: <20080115124406.GA8803@eos.sc1.parodius.com> In-Reply-To: <20080115124002.06d14cfc@srv> References: <E6BCC509-6CC8-44F1-98C2-416920A52218@stromnet.se> <20080115124002.06d14cfc@srv>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 15, 2008 at 12:40:02PM +0100, Vladimir Botka wrote: > Dne Tue, 15 Jan 2008 10:52:56 +0100 > Johan Ström <johan@stromnet.se> napsal(a): > > > Hello > > > > I'm looking to invest in some new hardware for backup. probably some > > kind of NAS (a 4-disk 1U NAS or something in that size). The thing > > is that I won't be the only one with access to this box, thus I > > would like to secure my data. > > What I would like is encryption both for the transfer to the box, > > and encrypted on disk. The data on disk should not be readable by > > anyone but me (ie the other user(s) of the box should not be able to > > read it, at least not without a big effort). > > > > So, I'm wondering what the best solution might be.. Tar'balling all > > my stuff and encrypt it with GPG or something and just dump it there > > with NFS would be the easiest solution, but maybe not the best. I've > > been thinking about running a GELI image on my box, and store that > > on the NAS over NFS.. would that be doable/secure/stable? > > Another idea would be to go with some regular 1U box running some > > FBSD, doing scp to the box and geli local on the box but that would > > require me to have the encryption keys on that box (which would be > > shared so thus no good idea). > > > > Any other ideas? Being able to rsync to the backup storage instead > > of just sending big encrypted tarballs would be very nice (and I > > guess that would be possible with geli version) > > > > Maybe not the perfect list for this, but it is somewhat freebsd > > specific and I'm sure some other ppl on the list have had simliar > > situations :) > > > > -- > > Johan Ström > > Stromnet > > johan@stromnet.se > > http://www.stromnet.se/ > > > > Hello, > > As of the encryption on the transfer I use security/sfs to mount remote > directory for backup and then rsync in the local. I thought SFS looked pretty neat until I saw this in the documentation: Finally, you must export all the local-directorys in your sfsrwsd_config to localhost via NFS version 3. See my mail to Johan, as it documents a known "issue" with nfsd/mountd/portmap on FreeBSD (re: binding to INADDR_ANY and using dynamically-allocated port numbers). This circles back to my "if you HAVE to use NFS, do so on a dedicated network which has no public access" statement. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080115124406.GA8803>