Randall Nortman (gentoolists@×××××××××××.com) wrote:
> On Wed, Jul 12, 2006 at 09:22:13AM -0400, Jason wrote:
> > The subject kinda says it all. I've been hunting around for an
> > automated solution to backing up my encrypted home directory to a remote
> > server through ssh. Obviously, the backup is also an encrypted volume.
>
> Have you considered backing up the block device that underlies your
> encrypted volume instead of trying to back up the files on the
> filesystem? You don't need to decrypt and re-encrypt it in that case;
> you just back up the raw (encrypted) block device using rsync (over
> ssh, just to provide secure authentication). If the block device
> happens to be managed by LVM, you can use LVM's snapshot feature to
> get a consistent image of the device. Otherwise, you'd have to make
> sure the filesystem is unmounted or mounted read-only during the
> backup.

I'd considered that, unfortunately, three issues arose. One, I've
earmarked 20 GB for my encrypted homedir for plenty of growth. It's
currently over 4 GB of stuff I actually want there. Two, even if I
shrink it, I can't assume I'll always have a fat pipe from my laptop.
And three, I want user login to still be as quick and transparent as
possible. Since very little changes in my homedir from one login to the
next, rsyncing the data inside makes much more sense.

I'm currently looking at the openssh API to ssh-agent and once I have
that figured out I'll take a look at wedging it into cryptsetup. Not
sure from a crypto perspective if that approach is tight, but I'll carry
on till I'm told otherwise. :)

Jason.
--
gentoo-security@g.o mailing list