[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Automated tarsnap backups.



I perform 4 automated backups per day. I used tarsnap-keymgmt to make
a key with only rw access. My thinking:

* Access to the key (root on the server) implies access to the data on
the server, so read is already granted.
* Write since it's needed to make backups.

In this case the only thing worse than getting root on the box (and
reading the tarsnap key) would be deleting the data *and* all backups,
which this specifically prevents.

-Nick

On Fri, Feb 14, 2014 at 10:43 AM, Joshua Kolash <joshua.kolash@gmail.com> wrote:
> Curious Question for people who use tarsnap for automated backups.
>
> I assume most people just have the keyfile as unencrypted, as it doesn't
> require any prompting.
>
> Does anyone keep the keyfile encrypted and have automated backups?
>
> I'm imagining the following server setup.
>
> Have a BackupBox with the encrypted keyfile and the backup contents.
>
> Have a PasswordBox with the password to the keyfile and have the PasswordBox
> simply ssh into the BackupBox and enter the password into tarsnap on a
> regular basis. The PasswordBox can then be sealed off except for
> re-initializing the password and ssh schedule. In effect it is like having a
> single purpose ssh-agent that lasts forever for narrowly defined tasks.
>
> Does anyone do anything like this? Or is this needless complexity for little
> if any security gain? You still need to trust BackupBox to not be evil.
>
> As I want automated backups I think the only point to encrypting the keyfile
> would be for the printed paper backup.