I'm interested in setting up an offsite back-up of my most important files (family photos, videos, financial and legal docs, etc.). The total size is around 3TB. A friend of mine has offered to allow me to place a pi and external harddrive at his house. I don't know much about linux but I imagine it wouldn't be difficult to use SSH and rsync to get this done. I'm looking for advice as far as encrypting the backup though. I understand that using SSH would encrypt the traffic.
What I am unclear about would be the best method to ensure the data on the remote drive wouldn't be accessible to others, including my friend. Anyone doing something similar?
pi as an encrypted offsite back-up solution
8 posts
- Posts: 4
- Joined: Wed Feb 27, 2013 4:55 pm
encfs can help you.
something like:
something like:
- Code: Select all
sudo apt-get install encfs
encfs /yourhdd/.crypt /yourhdd/secure
- Posts: 2
- Joined: Sun Jan 13, 2013 8:07 pm
Thanks for the response. Would this be a full disk encryption? When I run the following command, it asks me if I want to create a folder. Perhaps an encrypted folder is enough?
I've never run linux before so this is all new. I'm pasting the results from df- l below if that helps show what I've done so far.
- Code: Select all
encfs /mnt/usb/.crypt /mnt/usb/secure
I've never run linux before so this is all new. I'm pasting the results from df- l below if that helps show what I've done so far.
- Code: Select all
Filesystem 1K-blocks Used Available Use% Mounted on
rootfs 7380456 1465128 5597096 21% /
/dev/root 7380456 1465128 5597096 21% /
devtmpfs 86184 0 86184 0% /dev
tmpfs 18888 224 18664 2% /run
tmpfs 5120 0 5120 0% /run/lock
tmpfs 37760 0 37760 0% /run/shm
/dev/mmcblk0p1 57288 19008 38280 34% /boot
/dev/sda1 199099904 2560 199097344 1% /mnt/usb
- Posts: 4
- Joined: Wed Feb 27, 2013 4:55 pm
I would urge you to think about how the encryption will help.
Say you have full disk encryption*. Your pi is up and running in a Bitlocker style configuration. You have some method of transferring data to that Pi.
That pi gets hacked. Everything gets downloaded. The encryption is so transparent to the attacker, he may not even notice it's there.
A similar logic applies to an encrypted folder or partition.
If your concern is that someone will physically pick up the pi and walk away with it, I'm sure you're not worried about them stealing the pi OS from the SD card - encrypting your data drive may well be a solution.
* Since a pi does not support TPM, any form of full disk encryption that does not rely on you entering a key at boot time will be very difficult, if not impossible.
Say you have full disk encryption*. Your pi is up and running in a Bitlocker style configuration. You have some method of transferring data to that Pi.
That pi gets hacked. Everything gets downloaded. The encryption is so transparent to the attacker, he may not even notice it's there.
A similar logic applies to an encrypted folder or partition.
If your concern is that someone will physically pick up the pi and walk away with it, I'm sure you're not worried about them stealing the pi OS from the SD card - encrypting your data drive may well be a solution.
* Since a pi does not support TPM, any form of full disk encryption that does not rely on you entering a key at boot time will be very difficult, if not impossible.
- Posts: 179
- Joined: Sun Dec 02, 2012 9:49 am
Because I know so little, perhaps it's best to just ask others what to do when creating an offsite backup. Would it be better to pick up a large drive and get a safety deposit box at the bank and every couple weeks, pick up the drive, bring it home, sync it, and then bring it back. What do others do? I'm sorta lazy and cheap and would like to just have something setup that runs on its own.
I'm not worried about someone breaking into my friend's house and stealing the drive. I'd have to assume they'd be a layperson (like me!) without the know-how to get at the date. Hell, just having the drive formated in something other than NTFS or FAT32 would keep the data safe from most users.
I would assume anyone stealing my drive would just reformat it to use it.
There is nothing I have that would be worth someone spending any time trying to hack. Isn't sniffing SSH traffic a waste of time anyway? lots of questions here, lots of ignorance here....
I'm not worried about someone breaking into my friend's house and stealing the drive. I'd have to assume they'd be a layperson (like me!) without the know-how to get at the date. Hell, just having the drive formated in something other than NTFS or FAT32 would keep the data safe from most users.
I would assume anyone stealing my drive would just reformat it to use it.There is nothing I have that would be worth someone spending any time trying to hack. Isn't sniffing SSH traffic a waste of time anyway? lots of questions here, lots of ignorance here....
- Posts: 4
- Joined: Wed Feb 27, 2013 4:55 pm
My offsite backup is done via FTP to a dedicated storage host. All scripted from my Pi's and other machines.
I use http://www.thecloud.net.nz (disclosure: they provide me some sponsorship).
I use http://www.thecloud.net.nz (disclosure: they provide me some sponsorship).
- Posts: 822
- Joined: Wed Dec 26, 2012 3:46 am
If you expect high traffic (e.g. LAN 3mb/s) you should think of some bandwidth limiter. I had NFS for some time on my pi but pi crashed every time I transfered something large.
- Posts: 28
- Joined: Sun Aug 12, 2012 3:50 pm
- Location: Finland
Thanks for the suggestions. A buddy of mine helped me to get LUKS setup on the pi. Using luksformat, I was able to encrypt a 3TB external USB drive. I then used luksOpen to mount. I believe I have it setup correctly at the moment. Next step, figure out rsync!
- Code: Select all
/dev/mapper/secure 2.7T 201M 2.6T 1% /mnt/secure
- Posts: 4
- Joined: Wed Feb 27, 2013 4:55 pm