On 09/11/15 19:33, Sebastien Marie wrote:
On Fri, Sep 11, 2015 at 05:03:54PM +0200, Alexander Hall wrote:
Is *anyone* but me using rdump(8) + rmt(8)?
I use dump(8) for doing remote backup, but I don't use rmt(8), due to
plaintext storage on remote side.
I don't understand. What's "plaintext storage"? :-)
when using dump(8) with rmt(8), the remote connection is done using ssh.
So the network traffic is encrypted. But rmt will save the dump "as it"
on remote side, so without encryption.
it is what I mean by "plaintext storage".
my concerns is simple:
- I am the unique admin on my laptop.
- I want to save dumps of it, on a remote location where I am not admin.
- I don't want my data to be readable by third-party on the remote side.
Currently, I use the (somehow simplified) following command:
dump -f- | gzip -1 | openssl enc | ssh 'cat > dumpfile'
which ensure the `dumpfile' is encrypted on local side, and saved
(encrypted) on the remote side.
Yeah, those are valid concerns, and while I think that's common
practice, be warned that if Murphy is around and you loose the tail of
the piped data, dump(8) might still consider this a complete dump once
it has written all its data to the pipe, causing inconsistency between
actually dumped data and /etc/dumpdates...
I've spent some time skimming the code and wondering if it would improve
the situation if we allowed -f "| /path/to/some_command" or -p 'gzip |
openssl enc'.
Ideas about how and if this would be reasonable (or not) are gladly
accepted.
/Alexander
