From owner-freebsd-security Sun May 16 18:51:27 1999 Delivered-To: freebsd-security@freebsd.org Received: from alecto.physics.uiuc.edu (alecto.physics.uiuc.edu [130.126.8.20]) by hub.freebsd.org (Postfix) with ESMTP id D506F14FC7 for ; Sun, 16 May 1999 18:51:25 -0700 (PDT) (envelope-from igor@alecto.physics.uiuc.edu) Received: (from igor@localhost) by alecto.physics.uiuc.edu (8.9.0/8.9.0) id UAA04558; Sun, 16 May 1999 20:51:19 -0500 (CDT) From: Igor Roshchin Message-Id: <199905170151.UAA04558@alecto.physics.uiuc.edu> Subject: Re: secure backup In-Reply-To: <199905170014.MAA18766@smtp1.ihug.co.nz> from "nr1@ihug.co.nz" at "May 17, 1999 12:14:19 pm" To: nr1@ihug.co.nz Date: Sun, 16 May 1999 20:51:19 -0500 (CDT) Cc: freebsd-security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org If both machines are Unix - you can use SSH. I am using the following script: (from the machine that I backup) (Written for FreeBSD - so, you might want to optimize it differently - if you using some other Unix - you might want to adjust the size of the buffer) ------------------------------- #!/bin/csh -f # set SSH="ssh -c none -i /local-path-to-private/key backup@tape-machine.com /bin/dd bs=64k of=/dev/nrst0" echo starting MyMachine date dump 0ubsdf 64 61000 100000 - / | /bin/dd bs=64k | $SSH dump 0ubsdf 64 61000 100000 - /usr | /bin/dd bs=64k | $SSH dump 0ubsdf 64 61000 100000 - /var | /bin/dd bs=64k | $SSH dump 0ubsdf 64 61000 100000 - /mail | /bin/dd bs=64k | $SSH -------------------------------- (backup - is the account of the user on the machine "tape-machine.com" - the one which has the tape driver attached) Hope, this helps, IgoR > Can anyone recommend how I should go about creating a backup to an untrusted > machine that has the tape drive, and using an untrusted network. > > I'm a bit wary of encrypting the output of tar or dump, as a single byte error > would make the rest of the backup useless. I'd like to encrypt (pgp?) each > file separately as I go, so that a corrupted byte affects only one file on > retrieval. Is there an existing way to do this, or should I hack tar or dump > into doing it? > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message