ecryptfs-users team mailing list archive

[David Tomaschik <david@xxxxxxxxxxxxxxxxxx>]

On 02/13/2011 09:32 PM, John Magolske wrote:
> Hi,
> 
> I'd like to create encrypted backups onto a remote server in such a
> way that the remote server never sees anything unencrypted. The idea
> would be to sync my home directory onto a local drive (using rsync or
> rdiff-backup) into a directory that gets encrypted by ecryptfs, then
> rsync that encrypted directory up to a remote server via ssh:
> 
> (A) Simple mirror:
> 
>   % sudo mount -t ecryptfs /drive/encrypt /drive/decrypt
>   % rsync -av --delete /home/john /drive/decrypt
>   % sudo umount -i /drive/decrypt
>   % rsync -av --delete -e ssh /drive/encrypt user@xxxxxxxxxxxxxx:/backup
> 
> (B) Mirror with increments using rdiff-backup:
> 
>   % sudo mount -t ecryptfs /drive/encrypt /drive/decrypt
>   % rdiff-backup /home/john /drive/decrypt
>   % sudo umount -i /drive/decrypt
>   % rsync -av --delete -e ssh /drive/encrypt user@xxxxxxxxxxxxxx:/backup
> 
> (C) Use sshfs to mount the remote encrypted backup & decrypt it locally:
> 
>   % sshfs user@xxxxxxxxxxxxxx:backup /remote-encrypt
>   % sudo mount -t ecryptfs /remote-encrypt /remote-decrypt
>   % cd /remote-decrypt
> 
> How well would any of these scenarios work with ecryptfs?
> Would enabling filename encryption be a viable option?
> 
> Thanks for any help,
> 
> John
> 


If you're not already encrypting locally, why not consider something
like duplicity that specializes in encrypted backup?  It can do
incrementals as well.

-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david@xxxxxxxxxxxxxxxxxx