Results 1 to 14 of 14
  1. #1

    Backups: rsync to untrusted host

    I'd like to do backups to a remote machine.
    I think rsync over ssh is probably the best way, but it leaves a problem: the data won't be secured on the remote server, which is essentially an untrusted box.

    I could use gpg to encrypt the data before transfer, but this seems a bit of a hack.

    Is there a better way? What do you guys do?

  2. #2
    Join Date
    Dec 2001
    Posts
    515
    Are you trying to backup to a shared account somewhere? You could always get a low cost dedicated server, or a vps. I guess the question is, what is your level of comfort?

    Would you be comfortable with people in the remote datacenter having access to your data (they probably do now with your current server). Are you only worried about hackers & other server mates?

    I personally backup data to a remote computer that is on a cable conncection. I am the only one with access, but it makes a quick restore a bit of a problem (no charges at all for the server / over bandwidth though)
    Keep your customers in the know with www.KnownOutage.com - free alerting software that you host. Did I mention that it's free?

  3. #3
    Would you be comfortable with people in the remote datacenter having access to your data
    No, I wouldn't.

  4. #4
    Join Date
    Dec 2001
    Posts
    515
    so, you would have to actually have this in your own private datacenter, so that only you had physical access to the box.
    Keep your customers in the know with www.KnownOutage.com - free alerting software that you host. Did I mention that it's free?

  5. #5
    so, you would have to actually have this in your own private datacenter, so that only you had physical access to the box.
    No, not if the backups were encrypted.

  6. #6
    Join Date
    Apr 2004
    Posts
    173
    Ive actually done this at once point. Not ideal but it works.
    I used mcrypt to encrypt the contents once it was rsync'd

  7. #7
    You transferred to the remote server then did an encrypt?

  8. #8
    hit me up at info at fastcolocation.net and i can give you my script that i use to backup over ssh

  9. #9
    Join Date
    Apr 2004
    Posts
    173
    well you can do it either way encrypt it then rsync it over ssh
    I owned both endpoints so it wasn't as critical as the question that wa posed here.

  10. #10
    Join Date
    Apr 2003
    Location
    Melbourne, AU
    Posts
    539
    it's not impossible to replace fread/fwrite/whatever file I/O functions rsync uses to implement transparent encryption. maybe implement a simple XOR operation

  11. #11
    Thanks for that, but you don't know of a generic way to do this?
    Other people must have needed to do this?

  12. #12
    Join Date
    Nov 2001
    Posts
    551
    You will need to add a patch to a patch, as found here:
    http://lists.samba.org/archive/rsync...er/007694.html

    There are some problems:
    Implementation details:
    -filtering disables rsync alogrithm
    -source filter makes temporary files in /tmp (there should by enough disk space)
    -if source filter fails, data is send unfiltered
    -failure of destination filter, causes data loss!!!
    -if filter changes size of file, you should use --times-only option
    to prevent repeated transfers of unchanged files

  13. #13
    Cool thanks.

    I had a look on the rsync list, but didn't see this post.
    I think the safest option would be for me to copy the files, gpg them, then rsync them. Seems safest.

    Thanks again.

  14. #14
    Join Date
    Nov 2001
    Posts
    551
    I agreed, remember you will want to encrypt each file separately, otherwise rsync will copy the entire archive. Also be aware that it will have to copy the entire file, if it has changed, as it will look completely different when you encrypt it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •