Securely backing up Linux machines to NAS?
Jerry Feldman
gaf-mNDKBlG2WHs at public.gmane.org
Sat Sep 12 16:43:36 EDT 2009
While I have not done it with Buffalo, I believe that optware can be
installed. This includes ssh, cron, rsync(v3), rsnapshot et. al. I would
strongly suggest using rsync or rstapshot (that uses rsync).
On 09/12/2009 02:45 PM, Tom Metro wrote:
> Scott Ehrlich wrote:
> =20
>> I have been tasked with having a Buffalo Terastation Pro 2 NAS box,
>> likely to be connected to a Linux box via samba, be the storage device=
>> to back up mostly Ubuntu and Centos systems.
>> =20
> Filling in a few gaps that may not have been covered by the other=20
> responses...
>
> So you have a NAS attached to a Linux server, with both presumably on a=
=20
> secure LAN, and you want to permit clients from outside the LAN to=20
> securely store files on the NAS?
>
>
> =20
>> So what are the simplest options to back up the Linux hosts? rsync
>> does come to mind, but how to do so securely from each host? I'd
>> consider something via ssh, but that would mean an interactive login,
>> and encrypting individual files on the hosts is not an option.
>> =20
> rsync is a good option. It can directly use ssh as its transport, so yo=
u=20
> don't need to worry about over-the-wire security. As others mentioned, =
> you can setup ssh to use key-based authentication to improve security=20
> and ease of automation.
>
> What's less clear is whether the Buffalo Terastation provides ssh=20
> access, or if you'll have to accomplish that through the Linux server i=
t=20
> is attached to. Making the connections directly to the Terastation is=20
> preferable to maximize rsync efficiency and minimize traffic on the LAN=
=2E
>
>
> =20
>> ...or even away to negate the need of the Linux server and permit the
>> hosts to back up directly to the NAS...
>> =20
> Doable if the Buffalo can be hacked, or you are willing to switch to a =
> NAS that can be or is a more professional grade product that already=20
> supports ssh.
>
>
> =20
>> ...need to do so in an automated fashion...
>> =20
> Anything from a simple cron ran script to any of the numerous rsync=20
> wrappers could be used to automate the process. If these are personal=20
> workstations, you can probably even find a friendly GUI wrapper for=20
> rsync that lets users pick and choose what gets backed up and when.
>
> If you need the files to be encrypted at the source machine, then you'l=
l=20
> need to consider other tools like rsyncrypto[1] or duplicity[2], both o=
f=20
> which use the rsync algorithm for efficient data transport, but encrypt=
=20
> the files first.
>
> 1. http://sourceforge.net/projects/rsyncrypto/
> 2. http://duplicity.nongnu.org/
>
>
> =20
>> NFS is also available on the NAS, but considering the security
>> concerns, I will not use that...samba is not an option, unless it
>> remains the ONLY one.
>> =20
> NFS and Samba are generally not used outside a LAN, and although they=20
> could be tunneled through SSH or a VPN (or you could just use sshfs),=20
> they won't provide the efficiency of rsync.
>
> -Tom
>
> =20
--=20
Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
More information about the Discuss
mailing list