From: Kris J. <bac...@jj...> - 2007-06-01 17:55:52
|
Les Mikesell wrote, On 6/1/2007 9:52 AM: > If you can dedicate the remote computer so no one else has root access, > a simple approach would be to use one of the transparently encrypted > file systems that needs a passphrase at startup to mount, and run an > independent instance of backuppc on this machine that uses rsync over > ssh or a vpn as the backup method. You'd want to have backup power so > the box didn't reboot often, but otherwise it would mostly take care of > itself without adding additional potential failure points like you will > with schemes that copy your existing archive. I'm not sure how secure > it would be but it might be interesting to build a scheme like this > under vmware if you can't dedicate a whole computer at the remote site. Not sure if I understand everything you said... 1. Put a VM on the remote system that no one else has root access to. 2. Install BackupPC inside this VM 3. Create an encrypted FS on the remote system, mount it under the VM. 4. Have the remote BackupPC backup my local BackupPC's data. 5. Backup power -- Got that covered. Something like that? Is it such a good idea to have another BackupPC backup another BackupPC's data because of the (possible?) explosion of hard-links and the extra time it would take to restore (kind of hard to be selective). Any other issues? A less secure alternative I've thought about is to create an encrypted FS on the remote system that was sent the mount command and passphrase/keyfile before backup and un-mounted when finished. But then there is a window of time that the remote system has access to the files. Thanks! -- - Kris Jordan - |