Greg Freemyer wrote:
> I use rdiff-backup to a local encfs directory. Then I do a rsync of
> the encrypted version of the encfs directory to a third party
> location.
>
> It is working fine so far. Admittedly my only restores from the
> remote site have been tests, i.e. it is for disaster recovery purposes
> only. I use the local rdiff-backup copy for normal data recovery
> needs.

That sounds clever. But I don't understand why it is not secure to use
encfs directly on the third party remote server (assuming that it is
available of course)? Something like this (sorry this is from a Windows
client hence use of plink and unusual escapes):

rdiff-backup --remote-schema "plink.exe -ssh -i mykey.ppk %s echo ""S3cr3tP4s5w0rd""^| encfs -S ~/archives-enc/ ~/archives/; rdiff-backup --server; fusermount -u ~/archives/" "C:/Documents and Settings/Dominic/My Documents" address@hidden::~/archives/mydocs;

My idea is that this will first mount the encrypted directory
(~/archives-enc/) so that it can be read and written to unencrypted (as
~/archives/), then run rdiff-backup into this directory, then unmount
so that thereafter the data can only be seen encrypted - unless you
have the password.

Of course this way we have sent the password to the remote server, but
we have done so using ssh and I don't think this can be sniffed or
found by the server's system administrator (it is not saved in
.bash_history) - or can it be?

Regards
Dominic
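
An added example, not part of the original message: a Linux-only check of where a secret ends up when it is embedded in a command string (as in the `echo ... | encfs -S` remote command above) versus when it is fed on standard input. The secret value and the function names are constructed for illustration; the check reads `/proc/<pid>/cmdline`, which is the same data `ps` displays.

```shell
#!/bin/sh
# Added illustration. SECRET is a constructed sample value, not a real password.
SECRET='Constructed-Sample-Pw'

# Succeeds if the command line of process $1 contains the secret.
cmdline_leaks() {
    tr '\0' ' ' < "/proc/$1/cmdline" | grep -qF -- "$SECRET"
}

# Case 1: the secret is part of the command string handed to the shell.
# The shell keeps that whole string in its argv while the later commands
# run (here `sleep` stands in for the long-running backup server step).
leak_via_argv() {
    sh -c "echo \"$SECRET\" | cat >/dev/null; sleep 2; :" >/dev/null 2>&1 &
    pid=$!
    sleep 1
    if cmdline_leaks "$pid"; then r=exposed; else r=hidden; fi
    wait "$pid" || true
    echo "$r"
}

# Case 2: the same secret is written to the shell's standard input by a
# builtin, so it never appears in any process's argument list.
safe_via_stdin() {
    printf '%s\n' "$SECRET" | sh -c 'read -r pw; sleep 2; :' >/dev/null 2>&1 &
    pid=$!
    sleep 1
    if cmdline_leaks "$pid"; then r=exposed; else r=hidden; fi
    wait "$pid" || true
    echo "$r"
}

echo "secret in command string: $(leak_via_argv)"
echo "secret on stdin:          $(safe_via_stdin)"
```

While the plaintext directory is mounted, the decrypted files are also readable on the server itself, independently of how the password was delivered.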