Re: Crypted storage ?
Post Re: Crypted storage ? 
On Fri 16/07/2004 at 09:59, Oystein Viggen wrote:
> * [Sam Przyswa]
>
> > But some customers ask for an external backup service and they want
> > encrypted backup for their external storage, I try to find a solution
> > with BackupPC.
>
> You ssh-ing in to enter the password to mount the encrypted filesystem
> after every boot might satisfy your customers. Especially if you
> describe to them the elaborate tricks you will be using to make sure the
> computer's security has not been compromised before you enter the
> password.

Yes it is a solution but I have to mount and unmount the entire
encrypted filesystem or have an encrypted partition for each
machine/customer and this partition must be mounted all the day, so a
user with root privileges can read the files.

Sam.



--
This message has been checked by MailScanner
for viruses and spam and nothing
suspicious was found.
MailScanner thanks transtec for its support.



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
BackupPC-users mailing list
BackupPC-users < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/

Post Re: Crypted storage ? 
Sam Przyswa wrote:

| user with root privileges can read the files.

This statement is true, out of context, for any Unix setup, ever. If
root wants to know something, root WILL know it. If you don't trust
root, you're a moron, especially if you ARE root.




Post Re: Crypted storage ? 
On Thu 22/07/2004 at 05:28, David Masover wrote:
> Sam Przyswa wrote:
>
> | user with root privileges can read the files.
>
> This statement is true, out of context, for any Unix setup, ever. If
> root wants to know something, root WILL know it. If you don't trust
> root, you're a moron, especially if you ARE root.

Sure but if the files are encrypted and you don't have the pass phrase
even root can't read it.

The question is where/how to get the pass phrase to backup/restore files

Sam.





Post Re: Crypted storage ? 
On Wed 21/07/2004 at 14:04, Oystein Viggen wrote:
> * [Sam Przyswa]
>
> > Yes it is a solution but I have to mount and unmount the entire
> > encrypted filesystem or have an encrypted partition for each
> > machine/customer and this partition must be mounted all the day, so a
> > user with root privileges can read the files.
>
> If you intend to give your customers root access to the backuppc server,
> you need to have one server for each customer. Server side encryption
> simply won't help you.
>
> Client side encryption is difficult, though theoretically possible.
> If you use rsyncssh and/or rsyncd backups, you could deploy a specially
> modified rsync on all your backup clients. This variant of rsync would
> encrypt every file on the fly, and the actual rsyncing would be of
> encrypted files. In the case of rsyncssh, you would need to set up ssh
> to only allow access to that particular modified rsync program when
> logging in with the ssh-key stored on the backuppc server. This version
> of rsync would of course also only accept properly encrypted data as
> input for restores.

In this option rsync will write/read the files encrypted on the server
machine, it's a good idea, just to rewrite rsync and that is another
question :) but I think it will be the good solution.

Thanks.

Sam.
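
The ssh restriction Oystein describes in the message above, as an added example that is not part of the original thread: a forced-command gate on the backup client that lets the BackupPC server's key run only the encrypting rsync. The gate script path, the `rsync-crypt` binary and the key placeholder are hypothetical names, and the modified rsync itself is assumed to exist.

```shell
#!/bin/sh
# Added example: forced-command gate for the backup key (hypothetical names).
#
# authorized_keys entry on the backup client for the key held by the BackupPC
# server (key material is a placeholder, one line in the real file):
#   command="/usr/local/sbin/backup-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER> backuppc
#
# sshd runs this script for every login with that key and puts the command the
# server asked for in SSH_ORIGINAL_COMMAND.

ENCRYPTING_RSYNC=/usr/local/bin/rsync-crypt   # hypothetical modified rsync

# Return 0 only for an rsync server-mode request without shell metacharacters.
backup_command_allowed() {
    case "$1" in
        *';'*|*'&'*|*'|'*|*'<'*|*'>'*|*'`'*|*'$'*|*'('*|*')'*) return 1 ;;
    esac
    case "$1" in
        "rsync --server "*|*/"rsync --server "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the command line that will really run: the rsync path named by the
# caller is discarded and the encrypting binary is substituted.
gate() {
    if backup_command_allowed "$1"; then
        args=${1#*"rsync --server "}
        printf '%s --server %s\n' "$ENCRYPTING_RSYNC" "$args"
    else
        return 1
    fi
}

# Only acts when sshd invoked us as a forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    cmd=$(gate "$SSH_ORIGINAL_COMMAND") || { echo "denied" >&2; exit 1; }
    set -f        # no globbing; word splitting of $cmd is intended
    exec $cmd     # never eval: the request is not re-parsed by a shell
fi
```

The gate limits what the server's key can do on the client; it does nothing about a root user on the client itself, which is the limit raised elsewhere in the thread.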




Post Re: Crypted storage ? 
On Thu, 2004-07-22 at 07:00, Sam Przyswa wrote:
> > This statement is true, out of context, for any Unix setup, ever. If
> > root wants to know something, root WILL know it. If you don't trust
> > root, you're a moron, especially if you ARE root.
>
> Sure but if the files are encrypted and you don't have the pass phrase
> even root can't read it.
>
> The question is where/how to get the pass phrase to backup/restore files

The point is that it is impossible to do this in a way that
a person with root privileges can't intercept by replacing
the executable with a trojan or reading the raw device
where the pass phrase is submitted. He can also replace
all of the executables that you might use to verify that
these changes had not been done with ones that will show
whatever he wants.

---
Les Mikesell
les < at > futuresources.com



