ecryptfs-users team mailing list archive

Thread
Date

Re: Remote encrypted backups with ecryptfs, rsync, rdiff-backup & ssh?

To: John Magolske <listmail@xxxxxxx>
From: "Serge E. Hallyn" <serge.hallyn@xxxxxxxxxxxxx>
Date: Sun, 13 Feb 2011 23:00:42 -0600
Cc: ecryptfs-users@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20110214023229.GA17939@s70206.gridserver.com>
User-agent: Mutt/1.5.21 (2010-09-15)

Quoting John Magolske (listmail@xxxxxxx):
> Hi,
> 
> I'd like to create encrypted backups onto a remote server in such a
> way that the remote server never sees anything unencrypted. The idea
> would be to sync my home directory onto a local drive (using rsync or
> rdiff-backup) into a directory that gets encrypted by ecryptfs, then
> rsync that encrypted directory up to a remote server via ssh:
> 
> (A) Simple mirror:
> 
>   % sudo mount -t ecryptfs /drive/encrypt /drive/decrypt
>   % rsync -av --delete /home/john /drive/decrypt
>   % sudo umount -i /drive/decrypt
>   % rsync -av --delete -e ssh /drive/encrypt user@xxxxxxxxxxxxxx:/backup

Should be fine.  I do effectively this for several directories.

> (B) Mirror with increments using rdiff-backup:
> 
>   % sudo mount -t ecryptfs /drive/encrypt /drive/decrypt
>   % rdiff-backup /home/john /drive/decrypt
>   % sudo umount -i /drive/decrypt
>   % rsync -av --delete -e ssh /drive/encrypt user@xxxxxxxxxxxxxx:/backup

Should be fine.  Haven't used rdiff-backup in 4 or 5 years, but
there should be nothing stopping it from working.

> (C) Use sshfs to mount the remote encrypted backup & decrypt it locally:
> 
>   % sshfs user@xxxxxxxxxxxxxx:backup /remote-encrypt
>   % sudo mount -t ecryptfs /remote-encrypt /remote-decrypt
>   % cd /remote-decrypt

I don't know how sshfs works in the background, but this one
would worry me.

-serge

References

Remote encrypted backups with ecryptfs, rsync, rdiff-backup & ssh?
From: John Magolske, 2011-02-14