On Jan 15, 2008, at 13:44, Jeremy Chadwick wrote:
On Tue, Jan 15, 2008 at 12:40:02PM +0100, Vladimir Botka wrote:
On Tue, 15 Jan 2008 10:52:56 +0100
Johan Ström <[EMAIL PROTECTED]> wrote:
Hello
I'm looking to invest in some new hardware for backup, probably some
kind of NAS (a 4-disk 1U NAS or something in that size). The thing
is that I won't be the only one with access to this box, thus I
would like to secure my data.
What I would like is encryption both for the transfer to the box,
and encrypted on disk. The data on disk should not be readable by
anyone but me (i.e. the other user(s) of the box should not be able to
read it, at least not without a big effort).
So, I'm wondering what the best solution might be. Tarballing all
my stuff, encrypting it with GPG or something and just dumping it there
with NFS would be the easiest solution, but maybe not the best. I've
been thinking about running a GELI image on my box, and storing that
on the NAS over NFS. Would that be doable/secure/stable?
Another idea would be to go with some regular 1U box running some
FBSD, doing scp to the box and geli local on the box but that would
require me to have the encryption keys on that box (which would be
shared so thus no good idea).
Any other ideas? Being able to rsync to the backup storage instead
of just sending big encrypted tarballs would be very nice (and I
guess that would be possible with the geli version).
Maybe not the perfect list for this, but it is somewhat freebsd
specific and I'm sure some other ppl on the list have had similar
situations :)
--
Johan Ström
Stromnet
[EMAIL PROTECTED]
http://www.stromnet.se/
Hello,
As for the encryption on the transfer, I use security/sfs to mount the
remote directory for backup and then rsync locally.
I thought SFS looked pretty neat until I saw this in the documentation:

  Finally, you must export all the local-directorys in your
  sfsrwsd_config to localhost via NFS version 3.

See my mail to Johan, as it documents a known "issue" with
nfsd/mountd/portmap on FreeBSD (re: binding to INADDR_ANY and using
dynamically-allocated port numbers). This circles back to my "if you
HAVE to use NFS, do so on a dedicated network which has no public
access" statement.
SFS indeed looked very nice, but didn't provide me with the
encrypted-on-disk feature I need, as I understand it?
As mentioned earlier I don't want to store crypto keys on the backup
machine itself, otherwise I could have used geli or something.
Thanks
--
Johan
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable