Sunday, 25 July 2010

Encrypted Backups with rsync and FUSE

Recently I set up a backup solution between my home server and a friend's. However, I decided that I really needed to keep my data as safe as possible when it's out of my direct control. Being the paranoid person I am, that meant encryption.

Introducing rsync.
rsync is a very handy command that works on its own as a capable backup solution. It's designed to copy only the minimum amount of data needed to represent changes to the files you wish backed up. Combined with ssh, this allows a secure remote backup system that minimises bandwidth usage.

Adding encryption.
Encryption by its very nature tries to obscure the data you're dealing with: a small change to part of a single file can result in every byte of that file being changed. If you're working with encrypted disk images, this could mean that every part of the image is changed. This property is great for strong encryption but completely destroys rsync's ability to detect changes and minimise bandwidth. This can result in huge amounts of data being transmitted every time you back up even a minor change.


FUSE to the rescue.
FUSE (File system in USEr Space) is a fantastic project that makes it easy to implement new and interesting utility file systems. It also allows the use of these file systems as a regular user without the need for root-level access. Two file systems built using FUSE are Sshfs and Encfs. Sshfs allows the mounting of a remote file system via an ssh link to the machine. Encfs is an encrypting file system: it allows mounting of an encrypted source directory to some destination. Any files written into the destination directory will be encrypted and stored in the source directory.

With these two components we have everything we need to use rsync with encryption effectively. First we use sshfs to mount the remote file system


sshfs remote_user@remote_server: /home/local_user/backup


then we use encfs to mount a folder within the remote file system to a second local folder.


encfs /home/local_user/backup/encrypted /home/local_user/clear


finally we tell rsync to back up files as if to a local folder and point it at our encfs mount point.


rsync -v -a --delete /home/local_user/stuff_to_backup /home/local_user/clear


and there we go. rsync will do its job and write only the minimum bytes to represent the changes, encfs will encrypt this, and finally sshfs will tunnel it all to the remote server. The exact bandwidth usage will depend on how encfs encrypts its files. After you're done, unmount sshfs and encfs thus:


fusermount -u /path/to/mount_point
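
The steps above as one script, added here as an example and not the author's own code. It refuses to run rsync unless both FUSE mounts are live, and unmounts encfs before the sshfs mount it sits on. The host and paths are the post's placeholders; the function names and the `run` argument are this example's own, and `mountpoint` is assumed to be available from util-linux.

```shell
#!/bin/sh
# Added example: the sshfs -> encfs -> rsync sequence from the post as one script.
# Host, user and paths are the post's placeholders; override via environment.
REMOTE="${REMOTE:-remote_user@remote_server:}"
SSHFS_DIR="${SSHFS_DIR:-/home/local_user/backup}"   # sshfs mount point
CLEAR_DIR="${CLEAR_DIR:-/home/local_user/clear}"    # encfs cleartext view
SOURCE="${SOURCE:-/home/local_user/stuff_to_backup}"

# True only if $1 is a live mount point (mountpoint is part of util-linux).
is_mounted() { mountpoint -q "$1"; }

# Unmount in reverse order: encfs sits on top of the sshfs mount.
unmount_all() {
    if is_mounted "$CLEAR_DIR"; then fusermount -u "$CLEAR_DIR"; fi
    if is_mounted "$SSHFS_DIR"; then fusermount -u "$SSHFS_DIR"; fi
    return 0
}

run_backup() {
    sshfs "$REMOTE" "$SSHFS_DIR" || return 1
    if ! is_mounted "$SSHFS_DIR"; then
        echo "sshfs mount missing at $SSHFS_DIR" >&2
        return 1
    fi
    # encfs prompts for the password; ciphertext lands in $SSHFS_DIR/encrypted.
    if ! encfs "$SSHFS_DIR/encrypted" "$CLEAR_DIR" || ! is_mounted "$CLEAR_DIR"; then
        echo "encfs mount missing at $CLEAR_DIR; not running rsync" >&2
        unmount_all
        return 1
    fi
    # Without the checks above, rsync would write plaintext into the bare
    # local directory and nothing would reach the remote server.
    rsync -v -a --delete "$SOURCE" "$CLEAR_DIR"
    status=$?
    unmount_all
    return "$status"
}

# Run only when invoked as: sh backup.sh run
if [ "${1:-}" = "run" ]; then
    run_backup
fi
```
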


A better solution would be to mount the encfs folder on the server side before using rsync via sshfs. However, that would require having FUSE and encfs installed on the target server.
