Date: Wed, 16 Jan 2008 20:02:56 +0200 From: Toomas Aas <toomas.aas@raad.tartu.ee> To: =?ISO-8859-1?Q?Johan_Str=F6m?= <johan@stromnet.se> Cc: freebsd-stable@freebsd.org, emj@emj.se Subject: Re: Backup solution suggestions Message-ID: <478E46D0.2080804@raad.tartu.ee> In-Reply-To: <4FF9842D-ADC9-4A99-9DC4-E0FE1CC9CDCF@stromnet.se> References: <E6BCC509-6CC8-44F1-98C2-416920A52218@stromnet.se> <39FB5CF3-F2F4-401B-9D6D-7796608152E5@ish.com.au> <4FF9842D-ADC9-4A99-9DC4-E0FE1CC9CDCF@stromnet.se>
next in thread | previous in thread | raw e-mail | index | archive | help
Johan Ström wrote: > My main problem with existing solutions is this "gap" of encryption on > the backup server side. I dont want it to be readable outside of my box > (without encryption keys ofcourse), so as soon as I send it of from my > box I want it to be encrypted over the link, and down on the disk. Not > decrypted on the remote box, to then be encrypted again (with keys > available on that box) and then stored to disk. That would allow any > users of that box (yes sure you can have file permissions but lets > assume someone else have root access there) to read my files. > > Simple Example: > > I create regular tarball (gziped maybee) with some files i want to > backup, Then i encrypt this file with ie gpg. Then i send of this file > using some unspecified network protocol to the storage server. > Encrypted all the way, from my end to the remote disk.. > The downside is that it is a static file.. not a "dynamic filesystem", > nothing I can mount and have easy access to individual files from. > *Thats* what I'm looking for. As a long-time user of Amanda and regular lurker on their mailing list, I've noticed that latest versions of Amanda have encryption capabilities. They seem to fit your needs in that encryption can be performed entirely on the backup client ("your box") side if one opts to set things up that way. I haven't used encryption with Amanda myself so this is just what I've heard on the list and read from the wiki just now: http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption As for the ease of restore, it's not quite *that* easy, i.e. you can't just transparently mount the backup as a filesystem and copy files from there. Amanda has a command-line-ftp-like recovery interface, where you can specify which files/subdirectories and from which date you want recovered. It's been easy enough for me. -- Toomas Aas ... Boy, that lightning came a little clo-********!!*******NO CARRIER
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?478E46D0.2080804>