Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Encrypted automated backups
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
grant123
l33t
l33t


Joined: 23 Mar 2005
Posts: 734

PostPosted: Fri Mar 14, 2014 10:43 pm    Post subject: Encrypted automated backups Reply with quote

I have three systems in three locations. Two of the systems contain important data that needs to be backed up and those systems should be kept as secure as possible. I was thinking the two important systems could rsync push to the unimportant system and then rsync pull each other's data from there. That way the only accessible system is the unimportant system.

I'd like to incorporate encryption for the backups but how can that encryption be both secure and automated?
Back to top
View user's profile Send private message
Hu
Watchman
Watchman


Joined: 06 Mar 2007
Posts: 8903

PostPosted: Fri Mar 14, 2014 11:07 pm    Post subject: Reply with quote

I assume you mean you want the backup data to be encrypted at rest, since using rsync over ssh solves the problem of having the data encrypted in transit. Unfortunately, mixing encryption with rsync is difficult, since you want to rsync the encrypted form, and the good encryption techniques do not regenerate the same ciphertext for a given plaintext. If you can give up rsync, you could use tar, possibly in incremental mode, to create an archive, encrypt the archive, and then copy that to the destination. You could then use gnupg in key mode to encrypt the archive with a public key, where the private key is kept offline and accessible only to the backup administrator.
Back to top
View user's profile Send private message
grant123
l33t
l33t


Joined: 23 Mar 2005
Posts: 734

PostPosted: Fri Mar 14, 2014 11:42 pm    Post subject: Reply with quote

Ouch. It sounds like I may be out of luck. I do want to use rsync so I don't have to transfer so much data. I'll have to rethink this.
Back to top
View user's profile Send private message
Hu
Watchman
Watchman


Joined: 06 Mar 2007
Posts: 8903

PostPosted: Sat Mar 15, 2014 12:20 am    Post subject: Reply with quote

Unless you were planning on using the rsync capability to send only the changed blocks within a file, as opposed to running it with --whole-file, an incremental tar will not be substantially different from using rsync.
Back to top
View user's profile Send private message
vaxbrat
Guru
Guru


Joined: 05 Oct 2005
Posts: 593
Location: DC Burbs

PostPosted: Sat Mar 15, 2014 5:54 am    Post subject: rsync with ssh and authorized_keys Reply with quote

Use ssh-keygen to generate a public/private keypair for whatever user you want to use to transfer files. Just hit a return when prompted for an optional passphrase. Copy the ~/.ssh/id_rsa.pub to the destination host and user's ~/.ssh/authorized_keys file. If you want to manage more than one key then just append to that file.

At this point you can do an ssh or scp from the source to the destination host without a login prompt and could thus then use these commands in a script or from a crontab.

You could even use root to do this, but realize that it is a potential problem for network-wide pwnage. The private key (~/.ssh/id_rsa file) on the source machine must be treated as a security relevant object.

If you have a policy to change passwords on a scheduled basis, you will also want to do a keyroll of the authorized keys by using ssh-keygen to generate a new pair as necessary and to then update the authorized_keys files.
Back to top
View user's profile Send private message
Hu
Watchman
Watchman


Joined: 06 Mar 2007
Posts: 8903

PostPosted: Sat Mar 15, 2014 3:40 pm    Post subject: Reply with quote

To further secure the process, you could restrict the automated ssh key to use only sftp and/or be in a chroot on the receiving system. This would restrict a compromised key to the ability to manipulate only the approved directories, so it could delete older backups, upload false new ones, or exhaust disk quota, but not run a shell or directly read non-backup-related files. If you follow my earlier comment and transfer encrypted tar files, then there is no need for the receiving system to allow the key to log in as root.
Back to top
View user's profile Send private message
grant123
l33t
l33t


Joined: 23 Mar 2005
Posts: 734

PostPosted: Sat Mar 29, 2014 12:37 am    Post subject: Reply with quote

I think the key factor is that the incrementation and encryption is done on the source system before anything is transferred to the destination. How about duplicity for this? It sounds like the right tool for the job:

Quote:
Duplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.


http://duplicity.nongnu.org

Is that a better choice than incremental tar?

Previously I was planning on rsyncing to an accessible location on the destination system and then running rdiff-backup from that location to an inaccessible location on the same system so old versions of the data would be clean if the SSH private key were compromised. Can I accomplish something similar with incremental tar or duplicity?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum