Hi, I have a small server at home. I like to put it 'online' and secure it as good as possible. The counterside of putting your personal backups on a server is that it might get hacked... and you don't want have to have your personal docs online... Do you think encryption is needed? How to use encryption with rsync? Thanks in advance, ~D
Hi, If paranoid on the data you'll be syncing: Setup ssh on both sides, and use rsync over ssh. If it's just the data that might get corrupted or somebody getting to the data laterz: I believe the rsync authentication is good enough, so add a password for the rsync daemon's shares. Hendrik On Sun, Aug 28, 2011 at 6:35 PM, Dirk <schoappied at gmail.com> wrote:> Hi, > > I have a small server at home. I like to put it 'online' and secure it as > good as possible. The counterside of putting your personal backups on a > server is that it might get hacked... and you don't want have to have your > personal docs online... > > Do you think encryption is needed? > > How to use encryption with rsync? > > > Thanks in advance, > > ~D > -- > Please use reply-all for most replies to avoid omitting the mailing list. > To unsubscribe or change options: > https://lists.samba.org/mailman/listinfo/rsync > Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html >
I think Dirk was asking about securing the *DATA* on the remote server - not the *TRANSPORT* I'd recommend encfs. It has a "--reverse" option which allows you to mount a data tree and the new mount shows up with encrypted filenames and content. rsync that to the remote server, and even the local sysAdmins won't have access to the data i.e. encfs --reverse /home/ /tmp/crypt-view rsync -azv /tmp/crypt-view remote-server:....... After a data loss, you could rsync that encrypted content back, then encfs-mount it and access the unencrypted data We use it as a mechanism of role separation: it allows our security group to use the server group infrastructure for backups/storage, without giving them access to the data... Jason -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.samba.org/pipermail/rsync/attachments/20110830/afe6fe74/attachment.html>
Hello, You can use rsync friendly file encryption before you start your rsync session. Take a look at murk http://murk.sourceforge.net/ and rsyncrypto http://sourceforge.net/projects/rsyncrypto/ Regards, Milutin Voinivich s3rsync.com On 08/28/2011 07:35 PM, Dirk wrote:> Hi, > > I have a small server at home. I like to put it 'online' and secure it > as good as possible. The counterside of putting your personal backups > on a server is that it might get hacked... and you don't want have to > have your personal docs online... > > Do you think encryption is needed? > > How to use encryption with rsync? > > > Thanks in advance, > > ~D-- Regards, Milutin Voinivich s3rsync.com
On 09/03/2011 09:11 AM, Henri Shustak wrote:>> I have a small server at home. I like to put it 'online' and secure it as good as possible. The counterside of putting your personal backups on a server is that it might get hacked... and you don't want have to have your personal docs online... >> >> Do you think encryption is needed? >> >> How to use encryption with rsync? > Which operating system are you running on the system which currently has your personal documents? > > >Ubuntu/ Debian. ~D
>> Which operating system are you running on the system which currently has your personal documents? >> > > Ubuntu/DebianDo you know if there is a virtual file system encryption system which breaks the data into bands? I know that Mac OS X has support for breaking an encrypted disk image into bands (eg 8MB each). However, I am not sure about for LINUX. I have looked at TrueCrypt but was unable to see such an option when I last checked. If you are able to break the virtual file system into bands then keeping this in sync on a remote server is far easier. The link below has details regarding this and with a few changes it would work on a LINUX system. http://www.lbackup.org/synchronizing_disk_images_between_machines