Re: Seeking Wisdom Concerning Backups

Douglas A. Tutty wrote:
On Thu, Feb 28, 2008 at 05:49:47PM -0600, Kent West wrote:
The problem is that the Terastation Pro only offers three connection methods: Windows Fileshare (Samba/smb/cifs), Apple Filesharing (AFS), and FTP).

I'd go with FTP

I don't know what a Barracuda Terastation Pro backup server is, but if
it has an ftp server that will allow you to upload a compressed
encrypted tarball, then here's what I'd suggest:

Think of a tool chain. In this case, work backwards since you are
limited to ftp.

First decide if you want to have a local tarball on the box and then
transfer the tarball, or if you want to create and transfer the tarball
in one step.
I'd prefer to not have to create the tarball locally first, but rather the create it on the fly as it's being transferred to the backup server.

Either way, I would use a tarball. You say you wish to
backup /home so that's easy (assuming no --excludes).
At this point, no I'm not worrying about excluding anything, except perhaps for mounts under /home (such as networked drives or flash drives -- (I sometimes will mount a network drive under my home directory)).

Note that if you
don't want a copy of the tarball locally, you'll need an ftp client that
can take stdin as input. If that doesn't work, see if it can take a
named pipe (fifo); you would make a fifo in, e.g. /var/local/backup and
pipe things to that then pipe from that to the ftp client.

I'm afraid you made me dizzy here.

Then compress the tarball. Just use gzip. bzip2 makes slightly smaller
archives but uses a lot more CPU time and isn't available on default
installs.

Then if you want to encrypt the tarball, run it through OpenSSL's
encryption, e.g.:

openssl bf -a -e -salt -in {file} -out {file.bf}

If this is going into a pipe-line, then -in and -out would not be needed
as they default to stdin and stdout. You'd also want to provide it with
a password source if you want it automated.

This file.tar.gz.bf (or file.tgz.bf) tarball would then get sent via ftp
to the backup server.

To make this automated, you'll need to write a simple script.

We can work on the details but let me know if my assumptions are valid
(e.g. standard ftp will work).


Encrypting the tarball as it goes across the 'Net would be fine, as long as it doesn't cause problems later on when it comes time to restore files.

Thanks for the response!

--
Kent




--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Relevant Pages

  • summary FTP with 128 encrypted
    ... I have a question about FTP server, did any one know about encrypt ftp ... workstation "128 bit encrypted" work with tru64 server? ...
    (Tru64-UNIX-Managers)
  • Re: How to secure FTP?
    ... if it *does* fit you'll need to use a FTP service other than ... because it doesn't encrypt usernames and passwords. ... >> and password are required by the server in order to log on, ... >> other mechanisms (such as SSL) that are supported by a number of third ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Encrypt FTP session
    ... You may use VPN or IPSEC to encrypt communication between FTP ... server and clients. ...
    (Security-Basics)
  • RE: encrypt the password stored in a file
    ... > The password used to access a ftp server is stored in a text file, ... > perl program gets the password from the file, the pass it to the ftp ... > server for logon, this is the background. ... > The requirement is encrypt the password store in a more secure way, ...
    (perl.beginners)
  • Help with IPFW + NATD + Passive FTP
    ... passive FTP connections through IPFW with NATD enabled. ... $cmd 005 allow all from any to any via dc0 ... # Interface facing Public internet ... # Allow out access to my ISP's Domain name server. ...
    (freebsd-questions)