From owner-freebsd-security Sun May 16 19:10: 7 1999
Delivered-To: freebsd-security@freebsd.org
Received: from weathership.homeport.org (breakwater.homeport.org [216.67.13.2])
	by hub.freebsd.org (Postfix) with ESMTP id BECF015059
	for ; Sun, 16 May 1999 19:10:01 -0700 (PDT)
	(envelope-from adam@weathership.homeport.org)
Received: (from adam@localhost)
	by weathership.homeport.org (8.8.8/8.8.5) id WAA01870;
	Sun, 16 May 1999 22:23:25 -0400 (EDT)
Date: Sun, 16 May 1999 22:23:25 -0400
From: Adam Shostack
To: Igor Roshchin
Cc: nr1@ihug.co.nz, freebsd-security@FreeBSD.ORG
Subject: Re: secure backup
Message-ID: <19990516222325.A1851@weathership.homeport.org>
References: <199905170014.MAA18766@smtp1.ihug.co.nz> <199905170151.UAA04558@alecto.physics.uiuc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <199905170151.UAA04558@alecto.physics.uiuc.edu>; from Igor Roshchin on Sun, May 16, 1999 at 08:51:19PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

ssh does not help; the host the tape is attached to is untrusted.

Adam

On Sun, May 16, 1999 at 08:51:19PM -0500, Igor Roshchin wrote:
|
|
| If both machines are Unix - you can use SSH.
|
| I am using the following script:
| (from the machine that I back up)
| (Written for FreeBSD - so, you might want to optimize it differently -
| if you are using some other Unix - you might want to adjust the size of the buffer)
|
| -------------------------------
| #!/bin/csh -f
| #
| set SSH="ssh -c none -i /local-path-to-private/key backup@tape-machine.com /bin/dd bs=64k of=/dev/nrst0"
| echo starting MyMachine
| date
| dump 0ubsdf 64 61000 100000 - / | /bin/dd bs=64k | $SSH
| dump 0ubsdf 64 61000 100000 - /usr | /bin/dd bs=64k | $SSH
| dump 0ubsdf 64 61000 100000 - /var | /bin/dd bs=64k | $SSH
| dump 0ubsdf 64 61000 100000 - /mail | /bin/dd bs=64k | $SSH
| --------------------------------
|
|
| (backup - is the account of the user on the machine "tape-machine.com" -
| the one which has the tape driver attached)
|
| Hope this helps,
|
| IgoR
|
| > Can anyone recommend how I should go about creating a backup to an untrusted
| > machine that has the tape drive, and using an untrusted network.
| >
| > I'm a bit wary of encrypting the output of tar or dump, as a single byte error
| > would make the rest of the backup useless. I'd like to encrypt (pgp?) each
| > file separately as I go, so that a corrupted byte affects only one file on
| > retrieval. Is there an existing way to do this, or should I hack tar or dump
| > into doing it?
|

--
"It is seldom that liberty of any kind is lost all at once."
					       -Hume


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
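
The idea raised in the thread, encrypting each file on the trusted machine so the tape host only stores ciphertext and one damaged file does not take the rest with it, as an added example that is not part of any message in the thread. It assumes OpenSSL 1.1.1 or later; the function names, the passphrase file and the manifest layout are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSL 1.1.1+ (for -pbkdf2).
# KEY is a passphrase file that never leaves the machine being backed up.
# Function names and the manifest layout are hypothetical.

# encrypt_tree SRC ENC KEY MANIFEST
# Encrypt each regular file under SRC to ENC/<path>.enc and record the SHA-256
# of every ciphertext in MANIFEST, which stays on the trusted machine.
encrypt_tree() {
    src=$1; enc=$2; key=$3; manifest=$4; list=$manifest.files
    (cd "$src" && find . -type f | sed 's|^\./||' | sort) > "$list" || return 1
    : > "$manifest"
    while IFS= read -r f; do
        mkdir -p "$(dirname "$enc/$f")" || return 1
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$key" \
            -in "$src/$f" -out "$enc/$f.enc" || return 1
        sum=$(openssl dgst -sha256 -r "$enc/$f.enc" | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "$f" >> "$manifest"
    done < "$list"
    rm -f "$list"
}
# Only ENC goes to the tape host, for instance "tar cf - -C ENC ." piped into
# the dd/ssh command of the quoted script.

# restore_tree ENC OUT KEY MANIFEST
# Check each ciphertext read back from tape against the manifest before
# decrypting. A damaged, altered or missing file is skipped and counted; the
# rest still restore. Prints the number of files that could not be restored.
restore_tree() {
    enc=$1; out=$2; key=$3; manifest=$4; bad=0
    while read -r want f; do
        got=$(openssl dgst -sha256 -r "$enc/$f.enc" 2>/dev/null | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "skipped (damaged or altered): $f" >&2
            bad=$((bad + 1)); continue
        fi
        mkdir -p "$(dirname "$out/$f")"
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$key" \
            -in "$enc/$f.enc" -out "$out/$f" || bad=$((bad + 1))
    done < "$manifest"
    echo "$bad"
}
```

The tape host still sees file names and sizes, and the passphrase file and manifest must be kept off it, since a restore is only as trustworthy as the manifest copy it is checked against.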