| 1 |
Randall Nortman (gentoolists@×××××××××××.com) wrote: |
| 2 |
> On Wed, Jul 12, 2006 at 09:22:13AM -0400, Jason wrote: |
| 3 |
> > The subject kinda says it all. I've been hunting around for an |
| 4 |
> > automated solution to backing up my encrypted home directory to a remote |
| 5 |
> > server through ssh. Obviously, the backup is also an encrypted volume. |
| 6 |
> |
| 7 |
> Have you considered backing up the block device that underlies your |
| 8 |
> encrypted volume instead of trying to back up the files on the |
| 9 |
> filesystem? You don't need to decrypt and re-encrypt it in that case; |
| 10 |
> you just back up the raw (encrypted) block device using rsync (over |
| 11 |
> ssh, just to provide secure authentication). If the block device |
| 12 |
> happens to be managed by LVM, you can use LVM's snapshot feature to |
| 13 |
> get a consistent image of the device. Otherwise, you'd have to make |
| 14 |
> sure the filesystem is unmounted or mounted read-only during the |
| 15 |
> backup. |
| 16 |
|
| 17 |
I'd considered that, unfortunately, three issues arose. One, I've |
| 18 |
earmarked 20 GB for my encrypted homedir for plenty of growth. It's |
| 19 |
currently over 4 GB of stuff I actually want there. Two, even if I |
| 20 |
shrink it, I can't assume I'll always have a fat pipe from my laptop. |
| 21 |
And three, I want user login to still be as quick and transparent as |
| 22 |
possible. Since very little changes in my homedir from one login to the |
| 23 |
next, rsyncing the data inside makes much more sense. |
| 24 |
|
| 25 |
I'm currently looking at the openssh API to ssh-agent and once I have |
| 26 |
that figured out I'll take a look at wedging it into cryptsetup. Not |
| 27 |
sure from a crypto perspective if that approach is tight, but I'll carry |
| 28 |
on till I'm told otherwise. :) |
| 29 |
|
| 30 |
Jason. |
| 31 |
-- |
| 32 |
gentoo-security@g.o mailing list |
Archives