Backup solution suggestions

Toomas Aas toomas.aas at
Wed Jan 16 10:03:06 PST 2008

Johan Ström wrote:

> My main problem with existing solutions is this "gap" of encryption on 
> the backup server side. I dont want it to be readable outside of my box 
> (without encryption keys ofcourse), so as soon as I send it of from my 
> box I want it to be encrypted over the link, and down on the disk. Not 
> decrypted on the remote box, to then be encrypted again (with keys 
> available on that box) and then stored to disk. That would allow any 
> users of that box (yes sure you can have file permissions but lets 
> assume someone else have root access there) to read my files.
> Simple Example:
> I create regular tarball (gziped maybee) with some files i want to 
> backup, Then i encrypt this file with ie gpg. Then i send of this file 
> using some unspecified network protocol to the storage server.
> Encrypted all the way, from my end to the remote disk..
> The downside is that it is a static file.. not a "dynamic filesystem", 
> nothing I can mount and have easy access to individual files from. 
> *Thats* what I'm looking for.

As a long-time user of Amanda and regular lurker on their mailing list, 
I've noticed that latest versions of Amanda have encryption capabilities. 
They seem to fit your needs in that encryption can be performed entirely 
on the backup client ("your box") side if one opts to set things up that way.

I haven't used encryption with Amanda myself so this is just what I've 
heard on the list and read from the wiki just now:

As for the ease of restore, it's not quite *that* easy, i.e. you can't 
just transparently mount the backup as a filesystem and copy files from 
there. Amanda has a command-line-ftp-like recovery interface, where you 
can specify which files/subdirectories and from which date you want 
recovered. It's been easy enough for me.

Toomas Aas

... Boy, that lightning came a little clo-********!!*******NO CARRIER

More information about the freebsd-stable mailing list