[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [rdiff-backup-users] Rdiff-backup with untrusted remote hosts (encry
|
From: |
Maarten Bezemer |
|
Subject: |
Re: [rdiff-backup-users] Rdiff-backup with untrusted remote hosts (encrypted backup) |
|
Date: |
Fri, 8 Aug 2008 14:46:19 +0200 (CEST) |
Hi,
On Fri, 8 Aug 2008, ahd71 wrote:
> (..) except the possibility to encrypt files saved at the remote
> host. In some case I do not trust the remote end and wants to have my
> information encrypted in some way.
Can you explain your situation a bit more? Do you own and administer the
remote server, but do not trust its physical location or the people that
might have access to the physical device?
Or is the box just a remote server, administered by someone else, possibly
shared with other untrusted people, etc.
Using an encrypted file system at the remote end wouldn't help you much if
anybody except you has administrative rights on the machine. Mounted encfs
will be accessible as if it were just another file system.
Guarding against people pulling your remote server out of a rack and
copying your data can be done by using encrypted filesystems, but again
only when you're the only root on the machine AND you can make absolutely
sure that the filesystem password you enter remotely will indeed go the
the mount command (and not to some tweaked password-stealing script) on
your box.
Guarding against casual users at the remote end is easy: just chmod the
backup tree so it is only accessible by you.
If you're just a user on some other server, local encryption (at the
remote site) will not prevent the (remote) adminsitrator from looking at
your data while the rdiff-backup process is processing the files in
memory.
Maybe something like network block devices with an encryption layer at the
trusted side may be an option. Never tried, tho.
HTH,
Maarten