Encrypted Backups with rsync and FUSE

Recently I set up a backup solution between my home server and a friends. However, I decided that I really needed to keep my data as safe as possible when its out of my direct control. Being the paranoid person I am, that meant encryption.

Introducing rsync.
rsync is a very handy command that works on its own as a capable backup solution. It's designed to copy only the minimum about of data to represent changes to the files you wish backed up. Combined with ssh this allows a secure remote backup system that minimises bandwidth usage.

Adding encryption.
Encryption by its very nature will try to obscure the data your dealing with, a small change to part of a single file can result in every byte of that file being changed. If your working with encrypted disk images, then this could mean that every part of the image is changed. This property is great for strong encryption but completely destroys rsyncs ability to detect changes and minimise bandwidth. This can result in huge amounts of data being transmitted every time you backup even a minor change.


FUSE to the rescue.
FUSE ( File system in USEr Space ) is a fantastic project that makes it easy to implement new and interesting utility file systems, it also allows the use of these file systems as a regular user with out the need for root level access. Two file systems built using FUSE are Sshfs and Encfs. Sshfs allow the mounting of a remote file system via an ssh link to the machine. Encfs is an ecrypting file system, it allows mounting of an encrypted source directory to some destination. Any files writen into the destination directory will be encrypted and stored in the source directory.

With these two components with have everything we need to use rsync with encryption effectively. First we use sshfs to mount the remote file system

sshfs remote_user@remote_server: /home/local_user/backup

then we use encfs to mount a folder within the remote file system to a second local folder.

encfs /home/local_user/backup/encrypted /home/local_user/clear

finally we tell rsync to backup files as if to a local folder and point it at our encfs mount point.

rsync -v -a --delete /home/local_user/stuff_to_backup /home/local_user/clear

and there we go. rsync will do its job and write only the minimum bytes to represent the changes, encfs will encrypt this, and finally sshfs will tunnel it all to the remote server. The exact bandwidth usage will depend on how encfs encrypts its files. After your done, unmount sshfs and encfs with the thus

fusermount -u /path/to/mount_point

A better solution would be to mount the encfs folder on the server side before using rsync via sshfs. However that would require having fuse and encfs installed on the target server.

Linux Bluetooth Audio

Recently I've been playing with bluetooth and audio. Thanks in part to finding a supply of very cheep dongles. Here is how I got my Linux computers to talk to a bluetooth audio dog-tag style stereo audio device, this can be used with any bluetooth audio device though including mono hands free kits.

Im using bluez 4.63, the latest available in my distro's ( Arch Linux ) repositories. First we need to find our device, so put the audio device into paring mode. Next we need to scan for our device.

# hcitool scan
Scanning ...
00:00:00:00:00:00 BTS-PHF41

Ok, once we have found the device we need to connect to it, for this we need the device mac address returned from our scan.

# hciconfig hci0 up
# hcitool cc 00:00:00:00:00:00

At this point we will have an open connection to the device, however we are not yet paired, so that's our next step. To do this I'm using one of the utility scripts provided by bluez. This requires Python.

# bluez-simple-agent hci0 00:00:00:00:00:00
RequestPinCOde (/org/bluez/.... )
Enter PIN code: 0000
Release
New Device ( /org/bluez/ .... )

This script will ask for a PIN number, enter one matching your device, given in the documentation that should come with it (0000 in the example above). Now we are all paired up and ready to send audio over to our device. In order to do this we will use ALSA and setup a bluetooth audio configuration. Open up the file ~/.asoundrc in the home folder of your regular user account and add the following to it.

pcm.bluetooth {
type bluetooth
}

That's that, we now have everything we need setup and ready for blutooth audio. However lets go one step more and configure a media player to use our new audio interface. I'm quite fond of MPD so ill show a configuration for that. Edit ~/.mpdconf and scroll down to the audio output section, add the following.

audio_output {
type "alsa"
name "blutooth output"
device "bluetooth"
format "44100:16:2"
mixer_device "defualt"
mixer_control "PCM"
mixer_index "0"
}

Now fire up MPD and enjoy audio with no wires attached ;-) This could also be useful as part of a nice jukebox setup, possibly using PMix from an Android phone as a remote.... sounds like a future project there!