
ecryptfs-users team mailing list archive

Re: Remote encrypted backups with ecryptfs, rsync, rdiff-backup & ssh?

 

* David Tomaschik <david@xxxxxxxxxxxxxxxxxx> [110213 19:15]:
> On 02/13/2011 09:32 PM, John Magolske wrote:
> > I'd like to create encrypted backups onto a remote server [...]
> >
> > (A) Simple mirror:
> > 
> >   % sudo mount -t ecryptfs /drive/encrypt /drive/decrypt
> >   % rsync -av --delete /home/john /drive/decrypt
> >   % sudo umount -i /drive/decrypt
> >   % rsync -av --delete -e ssh /drive/encrypt user@xxxxxxxxxxxxxx:/backup
> > 
> > (B) Mirror with increments using rdiff-backup:
> > 
> >   % sudo mount -t ecryptfs /drive/encrypt /drive/decrypt
> >   % rdiff-backup /home/john /drive/decrypt
> >   % sudo umount -i /drive/decrypt
> >   % rsync -av --delete -e ssh /drive/encrypt user@xxxxxxxxxxxxxx:/backup
> > 
> > (C) Use sshfs to mount the remote encrypted backup & decrypt it locally:
> > 
> >   % sshfs user@xxxxxxxxxxxxxx:backup /remote-encrypt
> >   % sudo mount -t ecryptfs /remote-encrypt /remote-decrypt
> >   % cd /remote-decrypt
> 
> If you're not already encrypting locally, why not consider something
> like duplicity that specializes in encrypted backup?  It can do
> incrementals as well.

I had initially considered duplicity, but then decided against it.
Because it keeps a mirror + forward diffs, any corruption of a diff
causes the loss of all backups occurring after that diff. I've
heard stories of people losing backups in this way...not sure how
likely that is, but the reverse diff approach of rdiff-backup sounds
better (corruption of a diff = loss of all backups prior to it). My
understanding of duplicity is that it requires a periodic full backup.
For a 200GB directory, this could be problematic in terms of time and
monetary cost of bandwidth. Also, if the process hangs, apparently
there is no way to resume an interrupted backup [1]. And pulling files
from the remote backup would require restoring the entire directory
first, again a big bandwidth hit. That's why I was hoping scenario C
above might work (mount with sshfs & decrypt locally).

[1] #536361 - duplicity: no way to resume an interrupted backup
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536361

Regards,

John

-- 
John Magolske
http://B79.net/contact
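
Added example, not part of the original message: a simplified model of the forward-diff versus reverse-diff trade-off discussed above, showing which restore points remain reachable when one stored delta fails its integrity check. It does not use duplicity's or rdiff-backup's on-disk formats; the function names and the four-snapshot sample are constructed for illustration.

```python
import hashlib
import json

# Constructed sample: four successive snapshots of a small tree (path -> content).
SNAPSHOTS = [
    {"a.txt": "v0"},
    {"a.txt": "v1", "b.txt": "new"},
    {"a.txt": "v1"},
    {"a.txt": "v3", "c.txt": "x"},
]

def diff(old, new):
    """Delta that turns tree `old` into tree `new`; None marks a deletion."""
    delta = {p: c for p, c in new.items() if old.get(p) != c}
    delta.update({p: None for p in old if p not in new})
    return delta

def seal(delta):
    """Serialize a delta and record its SHA-256 so corruption is detectable."""
    blob = json.dumps(delta, sort_keys=True).encode()
    return {"blob": blob, "sha256": hashlib.sha256(blob).hexdigest()}

def restore_chain(base, base_index, chain, step):
    """Walk deltas outward from the full copy; stop at the first bad digest."""
    restored, tree, index = {base_index: dict(base)}, dict(base), base_index
    for stored in chain:
        if hashlib.sha256(stored["blob"]).hexdigest() != stored["sha256"]:
            break  # every snapshot beyond this delta is unreachable
        for path, content in json.loads(stored["blob"]).items():
            if content is None:
                tree.pop(path, None)
            else:
                tree[path] = content
        index += step
        restored[index] = dict(tree)
    return restored

def survivors(corrupt_at):
    """Damage the delta between snapshots corrupt_at and corrupt_at + 1 in
    both layouts and return the snapshots each layout can still restore."""
    last = len(SNAPSHOTS) - 1
    forward = [seal(diff(SNAPSHOTS[i], SNAPSHOTS[i + 1])) for i in range(last)]
    reverse = [seal(diff(SNAPSHOTS[i], SNAPSHOTS[i - 1])) for i in range(last, 0, -1)]
    forward[corrupt_at]["blob"] += b"!"             # full copy is snapshot 0
    reverse[last - 1 - corrupt_at]["blob"] += b"!"  # full copy is the newest
    return (restore_chain(SNAPSHOTS[0], 0, forward, +1),
            restore_chain(SNAPSHOTS[-1], last, reverse, -1))

if __name__ == "__main__":
    fwd, rev = survivors(corrupt_at=1)
    print("forward diffs keep:", sorted(fwd), "reverse diffs keep:", sorted(rev))
```

With the same delta damaged, the forward layout keeps only the snapshots older than the damage and the reverse layout keeps only the newer ones, including the current mirror.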


