Randall Nortman ([EMAIL PROTECTED]) wrote:
> On Wed, Jul 12, 2006 at 09:22:13AM -0400, Jason wrote:
> > The subject kinda says it all. I've been hunting around for an
> > automated solution to backing up my encrypted home directory to a remote
> > server through ssh. Obviously, the backup is also an encrypted volume.
>
> Have you considered backing up the block device that underlies your
> encrypted volume instead of trying to back up the files on the
> filesystem? You don't need to decrypt and re-encrypt it in that case;
> you just back up the raw (encrypted) block device using rsync (over
> ssh, just to provide secure authentication). If the block device
> happens to be managed by LVM, you can use LVM's snapshot feature to
> get a consistent image of the device. Otherwise, you'd have to make
> sure the filesystem is unmounted or mounted read-only during the
> backup.

I'd considered that; unfortunately, three issues arose. One, I've
earmarked 20 GB for my encrypted homedir for plenty of growth. It's
currently over 4 GB of stuff I actually want there. Two, even if I
shrink it, I can't assume I'll always have a fat pipe from my laptop.
And three, I want user login to still be as quick and transparent as
possible. Since very little changes in my homedir from one login to the
next, rsyncing the data inside makes much more sense.

I'm currently looking at the openssh API to ssh-agent and once I have
that figured out I'll take a look at wedging it into cryptsetup. Not
sure from a crypto perspective if that approach is tight, but I'll
carry on till I'm told otherwise. :)

Jason.
--
gentoo-security@gentoo.org mailing list