[wplug-internet] Backups

[Vance Kochenderfer]

Bill Moran <wmoran at potentialtech.com> wrote:
> 
> In response to Vance Kochenderfer <vkochend at nyx.net>:
> > I think Bill's got it right.  You attach a directory on the target
> > machine to the Linode server via sshfs, e.g.
> >   [root at linode]# sshfs wplug at mikes.machine.net: /mnt/mhsemcheski
> > which connects /mnt/mhsemcheski on Linode to /home/wplug on Mike's
> > machine.
> > 
> > This way, all encryption/decryption of the filesystem takes place
> > on the Linode server, not on the target machine.
> 
> Shouldn't there be an extra step in there?  Mounting a remote file
> as an encrypted filesystem?

There's definitely more.  :)  The above is just step #1 from my
5-step list
<http://www.wplug.org/pipermail/wplug-internet/2009-June/000170.html>.

Actually, instead of using sshfs for this step, we could use NFS,
SMB, or whatever network filesystem you like.  It just seemed like
sshfs would be easiest from the perspective of the target machine
(all you need is sshd, and you don't have to fool with setting up
a separate access control scheme).

> I'm not very familiar with this process
> on Linux, but found this howto:
> http://www.faqs.org/docs/Linux-HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html

Hmm, that's for 2.2 kernels - things have probably changed since.
This howto <http://wiki.centos.org/HowTos/EncryptedFilesystem> is
more recent and I think covers steps #2-5 from my list.  In our
case, /path/to/secretfs would be a reference to the file mounted
over the network.

Duncan was right about rpmforge; I just installed the fuse and
fuse-sshfs packages from there onto the Linode server.  cryptsetup
was already installed.  Haven't tested it out though - if you run
into a roadblock, it's possible that the Linode-provided kernel
doesn't have the proper dm-crypt support.

Vance Kochenderfer        |  "Get me out of these ropes and into a
vkochend at nyx.net          |   good belt of Scotch"    -Nick Danger