Backup solution suggestions

Johan Ström johan at
Tue Jan 15 11:16:59 PST 2008

On Jan 15, 2008, at 13:44 , Jeremy Chadwick wrote:

> On Tue, Jan 15, 2008 at 12:40:02PM +0100, Vladimir Botka wrote:
>> Dne Tue, 15 Jan 2008 10:52:56 +0100
>> Johan Ström <johan at> napsal(a):
>>> Hello
>>> I'm looking to invest in some new hardware for backup. probably some
>>> kind of NAS (a 4-disk 1U NAS or something in that size). The thing
>>> is that I won't be the only one with access to this box, thus I
>>> would like to secure my data.
>>> What I would like is encryption both for the transfer to the box,
>>> and encrypted on disk. The data on disk should not be readable by
>>> anyone but me (ie the other user(s) of the box should not be able to
>>> read it, at least not without a big effort).
>>> So, I'm wondering what the best solution might be.. Tar'balling all
>>> my stuff and encrypt it with GPG or something and just dump it there
>>> with NFS would be the easiest solution, but maybe not the best. I've
>>> been thinking about running a GELI image on my box, and store that
>>> on the NAS over NFS.. would that be doable/secure/stable?
>>> Another idea would be to go with some regular 1U box running some
>>> FBSD, doing scp to the box and geli local on the box but that would
>>> require me to have the encryption keys on that box (which would be
>>> shared so thus no good idea).
>>> Any other ideas? Being able to rsync to the backup storage instead
>>> of just sending big encrypted tarballs would be very nice (and I
>>> guess that would be possible with geli version)
>>> Maybe not the perfect list for this, but it is somewhat freebsd
>>> specific and I'm sure some other ppl on the list have had simliar
>>> situations :)
>>> --
>>> Johan Ström
>>> Stromnet
>>> johan at
>> Hello,
>> As of the encryption on the transfer I use security/sfs to mount  
>> remote
>> directory for backup and then rsync in the local.
> I thought SFS looked pretty neat until I saw this in the  
> documentation:
>   Finally, you must export all the local-directorys in your  
> sfsrwsd_config
>   to localhost via NFS version 3.
> See my mail to Johan, as it documents a known "issue" with
> nfsd/mountd/portmap on FreeBSD (re: binding to INADDR_ANY and using
> dynamically-allocated port numbers).  This circles back to my "if you
> HAVE to use NFS, do so on a dedicated network which has no public
> access" statement.

SFS indeed looked very nice, but didnt provide me with the encrypted- 
on-disk feature I need as I understand?.
As mentioned earlier I don't want to store crypto keys on the backup  
machine itself, otherwise I could have used geli or something.



More information about the freebsd-stable mailing list