[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Duplicity for this?
|
From: |
Grant |
|
Subject: |
Re: [Duplicity-talk] Duplicity for this? |
|
Date: |
Sat, 29 Mar 2014 09:35:52 -0700 |
>> I have three systems in three locations. Two of the systems contain
>> important data that needs to be backed up. I was thinking the two
>> important systems could push to the unimportant system and then pull
>> each other's data from there. That way the only accessible system is
>> the unimportant system.
>
> duplicity makes secure backups to potentially insecure (remote) file
> storages. so generally speaking, yes.
> using the accessible machine as peering location is kind of dangerous as you
> might mirror tampered (corrupted) backups to your other machines in case
> someone broke in there.
How about an automated restore command to test the validity of the backups?
> you might also want to consider
> http://liw.fi/obnam/
That looks like a good one.
>> Previously I was planning on rsyncing but I would like the data to be
>> encrypted at rest. I was planning to rsync to an accessible location
>> on the destination system and then run rdiff-backup from that location
>> to an inaccessible location on the same system so old versions of the
>> data would be clean if the private SSH key were compromised. Can I
>> accomplish something similar when using duplicity instead of rsync?
>
> dunno what you mean here.
> there is no "inaccessible location on a same machine". you'll have to assume
> your intruder has a privilege escalation exploit and go everywhere.
I was just talking about running rdiff-backup to a location that isn't
accessible via authorized_keys.
- Grant