Securely backing up Linux machines to NAS?

Tom Metro tmetro-blu-5a1Jt6qxUNc at public.gmane.org
Sat Sep 12 14:45:15 EDT 2009 

Scott Ehrlich wrote:
> I have been tasked with having a Buffalo Terastation Pro 2 NAS box,
> likely to be connected to a Linux box via samba, be the storage device
> to back up mostly Ubuntu and Centos systems.

Filling in a few gaps that may not have been covered by the other 
responses...

So you have a NAS attached to a Linux server, with both presumably on a 
secure LAN, and you want to permit clients from outside the LAN to 
securely store files on the NAS?


> So what are the simplest options to back up the Linux hosts?   rsync
> does come to mind, but how to do so securely from each host?   I'd
> consider something via ssh, but that would mean an interactive login,
> and encrypting individual files on the hosts is not an option.

rsync is a good option. It can directly use ssh as its transport, so you 
don't need to worry about over-the-wire security. As others mentioned, 
you can setup ssh to use key-based authentication to improve security 
and ease of automation.

What's less clear is whether the Buffalo Terastation provides ssh 
access, or if you'll have to accomplish that through the Linux server it 
is attached to. Making the connections directly to the Terastation is 
preferable to maximize rsync efficiency and minimize traffic on the LAN.


> ...or even away to negate the need of the Linux server and permit the
> hosts to back up directly to the NAS...

Doable if the Buffalo can be hacked, or you are willing to switch to a 
NAS that can be or is a more professional grade product that already 
supports ssh.


> ...need to do so in an automated fashion...

Anything from a simple cron ran script to any of the numerous rsync 
wrappers could be used to automate the process. If these are personal 
workstations, you can probably even find a friendly GUI wrapper for 
rsync that lets users pick and choose what gets backed up and when.

If you need the files to be encrypted at the source machine, then you'll 
need to consider other tools like rsyncrypto[1] or duplicity[2], both of 
which use the rsync algorithm for efficient data transport, but encrypt 
the files first.

1. http://sourceforge.net/projects/rsyncrypto/
2. http://duplicity.nongnu.org/


> NFS is also available on the NAS, but considering the security
> concerns, I will not use that...samba is not an option, unless it
> remains the ONLY one.

NFS and Samba are generally not used outside a LAN, and although they 
could be tunneled through SSH or a VPN (or you could just use sshfs), 
they won't provide the efficiency of rsync.

  -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/

More information about the Discuss mailing list