Ubuntu Security :: Encrypted Backup With Duplicity?
Feb 20, 2010
I managed to make an encrypted backup of my ubuntu box onto my server and was also able to restore it. I mainly followed this tutorial here. Altough everything worked fine I have two questions:What is that part for ? Quote: export PASSPHRASE=your_passphrase
Just for the fun of it, and to see how it would handle incremental backups I ran the backup command a second time and was, to my surprise, asked to provide my GpG password. Whys that? And how can I "auto-login", since I would like to run this command in a cron job.
View 5 Replies
ADVERTISEMENT
Aug 10, 2010
I want to backup data and upload to online hosting services. I first want to encyrpt my data locally that I want to backup. Since I will be making changes locally to the data, I want some sort of incremental imaging system where the incremental changes are stored in seperate files so that I only have to upload the incremental encrypted changes. Duplicity is an option, but it uses GPG, which makes it a bit complicated; and I was wondering if there was any alternative which was simpler as I am only doing the encryption and backup locally.
EDIT:I have only ONE computer on which the data resides, and on which the backup image image is made. That is, I have a directory foo on my computer, the backup of which will be made to back-foo on the same computer. I want back-foo to be in an encypted form Then back-foo will be uploaded (unencrypted) to microsft live storage or to spideroak storage etc. Since back-foo is encrypted, my upload is secure. And since I'm uploading, I want incremental backup support, that is, the backup utility should create new files which contain the incremental changes so that I can upload only the new files which contain the changes.
View 2 Replies
View Related
Mar 7, 2011
I installed Ubuntu 10.10 64 on my laptop with the entire 500gb setup as encrypted LVM. This has worked well for several months with no problems. During this time i have been backing up the data to an external usb drive (1tb) on a regular basis. The usb drive was not encrypted. So, I thought it would be a good idea to encrypt the backup drive too. I wiped out the backup drive and set it up as one large encrypted lvm and mbr. This seemed to work fine but immediately afterwards I decided to erase that and set it up as encrypted lvm guid instead of mbr. I couldn't delete it while logged into my desktop so i decided to do it from a bootable gparted usb stick. In gparted i erased the 1TB backup drive once again and planned on setting it up the way I wanted once I was logged back into my ubuntu desktop. Now I cant boot into my desktop with the following errors:
cryptsetup: evms_activate is not available b0d) does not begin with /dev/mapper/
Then after waiting for a few minutes I get an error followed by (initramfs)
When booting from a live version of ubuntu the 250MB boot patition is recognized and 500 partion is there but it is labeled as empty/unused.
Also, I did choose to use the exact same passphrase as what is used on the main bootable drive when I set up the encrypted partition on the external 1TB drive.
View 9 Replies
View Related
Jan 5, 2010
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
View 6 Replies
View Related
Jan 2, 2010
I'm recently switched my work laptop from running winXP to runing karmic. I'm still at the stage of getting my various bits and bobs working correctly. One of these I (may) have a problem with is backup's. I've ran backuppc on a ubuntu 9.04 box in the attic for the last year or so and I've been backing up my laptop to that. But since the switch, since I have an encrypted home dir, what is being backed up is the encrypted files. First, can I recover these if needed (I kept a copy of my passphrase), or can I get backuppc to ssh in as me with my home dir mounted correctly?
Backuppc is using rsync over ssh I've been using linux on and off since about redhat 5.0, so I'm not afraid of the command line or vi
View 5 Replies
View Related
Feb 27, 2011
I want to save a backup of my data on a remote server, but never want the backup server to see the data unencrypted. Editing a single file and backing up should not result in everything being encrypted and sent again. The remote server should preferably not even know the directory structure (and especially not the directory names).
View 2 Replies
View Related
Apr 30, 2011
I learned from another post that Ubuntu (Gnome) will be doing away with panels as of 11.10 so I am in the process of downloading Lubuntu to have a look see. To keep myself amused during the download I have been poking around in various documentation pages and came across one on ubuntu.com about backup. It points to some pages on Ubuntu One.
The tech specs indicate that communication to/from Ubuntu One use SSL. However, I do not find any information as to the actual storage of files on the Ubuntu One servers (the FAQ page seems to be down at the moment). Can anyone tell me if the files which are synced to the server are stored in an encrypted format on the server?
View 2 Replies
View Related
Jun 25, 2010
My laptop has only Debian on it. Except for /boot, the entire hard drive is a giant encrypted LVM partition. It takes Clonezilla 13 hours to back up to a USB hard drive without verification, long enough to make sure backups aren't done much. Is there some way to make an encrypted bare-metal backup of only what is used (except swap) instead of every sector? Backing up across the LAN would be ok.
View 6 Replies
View Related
Mar 23, 2011
This is not a regular backup. I only want to backup selective directories so personal files (photographs, documents, sourcecode) will be kept safe in case of a total system meltdown. This'll be 15GB max. Basically the digital variant of a fire resistant safe. I looked into duplicity but that requires me to install gpg keys on the target machine, which I can not do. I rather have a solution that just relies on just a working shell account and diskspace on the target server.
I thought of writing a simple script to do the following:
1. Mount remote server with sshfs
2. Mount encrypted container at remote server (LUKS, TrueCrypt?)
3. Loop over predefined directories on local machine and copy to encrypted container (rdiff-backup?)
Based on these requirements:
- Target server is "dumb": only ssh access + diskspace (i.e. no installing of gpg keys)
- Encrypted container should grow/shrink to fit contents
- Encrypted container should be easily decryptable on any OS if you have the password
- Once data leaves client server it should be encrypted: sysadmin on target server should never be able to see unencrypted data.
View 3 Replies
View Related
Mar 26, 2011
There are a lot of backup solutions, many scripts based of rsync. The problem is not a lot of them encrypt your data before syncing it. I have a USB hard drive and I want to backup my user folder /home/myuser/ to the external drive What software will allow me to create incremental backups which are encrypted with relative ease
View 2 Replies
View Related
Feb 4, 2010
I have been trying to get duplicity to backup my files on my desktop to a server in the same physical location. Originally I tried scp, but could not get it to work. I recently tried file, but can't seem to get that working either. I am running Ubuntu 8.10. I have my remote server mounted using sshfs, and have no problems connecting. I can copy files to it, so I know it's not mounted read-only.
Code:
james@clay:~$ cp tmp.txt /media/myserver/Backups/James/tmp.txt
james@clay:~$ cd /media/myserver/Backups/James
james@clay:/media/myserver/Backups/James$ ls -l
total 8
[Code]...
View 1 Replies
View Related
Oct 23, 2010
I've been using Duplicity for ages and this morning it suddenly produces the following error:
Code:
I can't figure out what happened. Yesterday I did a successful full backup (as I do each week). This command was to add the usual incremental. I've not changed the scripts, source, destination or GPG keys. I turned up verbosity to see what it was doing, but an obvious error didn't leap out.
View 1 Replies
View Related
Mar 30, 2011
I'm trying to set up a backup routine using the instructions at[URL]..I tried duplicity but I it wouldn't connect
Code:
PASSPHRASE='xxx' FTP_PASSWORD='password' duplicity /etc ftp://russ@ftpsite.com/etc
so tried
Code:
ncftpls -d russ.log -p password -u russ ftp://ftpsite.com
wouldn't connect either, then realised the user id should be an email address
[Code]...
View 2 Replies
View Related
Mar 15, 2010
During the installation of Ubuntu Karmic, I picked the option that encrypts my home directory.
A few questions:
(1) Shortly after installation, I was asked to run a command to print a key necessary for data recovery from a rescue CD. I didn't run it at the time and am now looking for the command to run. What is it?
(2) I think I read somewhere that this also encrypts swap. Great. Correct me if that's wrong.
(3) If I suspend the machine, is my home directory encrypted? That is, if I have this on a laptop and travel with the suspended laptop and someone steals it, are my data safe, or not?
(4) I assume the weakest point in the system is my relatively short login password (but I think the install tests it and found it okay). Is there a recommendation how long this should be?
View 3 Replies
View Related
Feb 21, 2011
i started on the "Installation & Upgrades" Forum. So this is basically a repost. I configured an encrypted swap during the installation process of my kubuntu maverick using the manual install CD. I do not use LVM. This worked fine but I made the mistake of assigning a password to the encrypted swap. I would like to change this in favor for a random key. I tried to change /etc/crypttab in the following way:
[code]...
Now the system still asks for a password for sda7_crypt at startup, but does not recognize the old password. It seems that the swap gets a random key and works fine anyway, so I really want to remove only the question for the PW at boot time. This is not a big issue, but it is annoying. When the system is up I can do swapoff and swapon without problems and no password is needed. Directly after boot swap works:
[code]...
View 1 Replies
View Related
Jan 1, 2010
I want to send a PGP encrypted file to a friend who (unfortunately) probably doesn't even have any idea what PGP is. He runs Windows XP. I know I can encrypt and decrypt PGP files easily and freely on Ubuntu, but I have no idea about how to handle PGP in XP... I tried downloading a PGP file in an XP virtual machine to find out, and Windows was pretty much unable to identify the file type. What kind of software on Windows (that is completely free and trustworthy) would be able to decrypt my PGP files?
View 9 Replies
View Related
Jan 3, 2010
I'm just wondering - what is the best way to set up your encrypted volumes with dm_crypt and LUKS?
My understanding was that aes-lrw ws better than aes-cbc - and then I stumble upon [url] which says that LRW has some problems, and XTS is better? I dont know enough about encryption theory to be able to say anything, so i'm hoping some folks more enlightened will be able to say something here.
I was previously using aes-lrw-benbi to set up a volume. If xts is truly better - should i be using '-c aes-xts-benbi' then?
View 4 Replies
View Related
Jan 31, 2010
There was a recent thread in this forum regarding capturing of SSH passwords via the use of wireshark. The thread subject was closed, which is a decision that I both agree with as well as agree with the reasoning behind. The thread, however, raised a point of curiosity and concern that I would like to ask about. Quoting from a the book, SSH, The definitive guide,
The client authenticates you to the remote computer's SSH server using an encrypted connection, meaning that your username and password are encrypted before they leave the local machine. The SSH server then logs you in, and your entire login session is encrypted as it travels between client and server. Because the encryption is transparent, you won't notice any differences between telnet and the telnet-like SSH client.
I was under the impression that SSH was impervious to this type of eavesdropping, and quite frankly I take great comfort in that idea. I personally, only allow RSA keys for SSH access and (hopefully) avoid this problem (?) as a result. Does SSH really have a vulnerability in that the authentication is sent via plain text? How to ensure the security of SSH and not on anything that could be considered a how to 'crack' it.
View 6 Replies
View Related
Feb 26, 2010
I'm an absolute beginner at encryption. gpg and keys still have me somewhat mystified, so please forgive me if the following seems like a stupid question. I'm looking at encryption software for my smartphone. I've found a Java program called TinyEncryptor that uses the TwoFish algorithm and claims to be a shell for the "Legion of the Bouncy Castle" libraries. It just uses a passphrase; there are no keys involved as far as I am aware.
Naturally, I would like to be able to decrypt files on my desktop that I've encrypted with this program. So far, I've not had any success with finding one.
View 3 Replies
View Related
Mar 9, 2010
I just installed 9.10 on my laptop and selected the option for home folder encryption. I am running DropBox and placed the DropBox folder on my desktop (meaning it should be encrypted when I am logged out.) So I have two questions:
1) Shouldn't this setup cause my DropBox files on the server to be encrypted? Apparently they are not because they appear as unencrypted text using the DropBox Web interface.
2) If they were encrypted on the server (which doesn't appear to be the case right now), how would it be possible to share them with another client unless the encryption on both clients were set up identically?
View 7 Replies
View Related
Apr 26, 2010
While setting up my laptop on a new hard drive (a bad mobo caused writes which pretty much rendered teh old hdd unusable) I was asked if I wanted to encrypt my home partition.
I've been wanting this for several years - even going as far as trying to get a copy of CheckPoint. That's waht my organization uses on all Wintendo laptops and is required.
In any case, I said "yes" and am happily using my laptop with an encrypted home partition. I'm assuming based on this - [URL] - that it is using EncryptFS as the scheme.
if I were to misplace my laptop, how easy would it be for a forensics team to retrieve my data. Let's assume I have a fairly strong passphrase, such as BisZumBitterenEnd3. [URL]
View 5 Replies
View Related
May 3, 2010
I had some major problems after the recent Ubuntu upgrade and had to boot from a live cd. I have a separate /home partition, but it was encrypted using the default install encryption in the 9.10 install cd. How can I get to my files so I can back them up?
I have tried this but it did not work: http://ubuntuforums.org/showthread.php?t=1337693
View 9 Replies
View Related
Jun 11, 2010
I'm using 10.04 with encrypted home dir. I think the behavior below is wrong:
I can log in as root and change user's password. After that the user can log in using new password, which is normal, but it can also decrypt its home dir using the new password, which is dangerous. Assume I lost my computer. This encrypted home dir will not protect my private data because whoever gets the computer can boot it up with a livecd and chroot to change my user's password and then boot up my system and log in using new password.
View 3 Replies
View Related
Jul 19, 2010
Let's begin from the top. I have a relatively new laptop that I've been running Ubuntu on (along with a little-used Windows boot). Picked it up in November or so, installed the current "latest" version of Ubuntu at the time (9.10). I have been doing incremental upgrades, and it's been progressively breaking down more and more. Yes, this includes 10.04.
After GRUB stopped working, I decided it was time to try a reinstall from the top. I told it to leave all the other operating systems alone and do a full reinstall.
Fortunately, I had managed to stuff most of my current work in duplicate locations during this whole debacle, somehow. Don't ask me how I managed to do that when GRUB wasn't working. However, when I installed, I conscientiously said "Oh, yes, Ubuntu, encrypt my home folder! I love privacy!" As a result, about... 30 gigabytes of useful (but ultimately re-downloadable) material is rather inaccessible at the moment. When I try to boot the old system using the newly fixed GRUB, it goes into kernel panic. This seems like a no-go.
I have a saved hojillion-character long passphrase for decryption from my install back in November. Conscientiously saved in the case of just such an emergency.
I read this how-to and followed it to the letter as far as I could tell, trying to mount with ecrytfs to recover my data.
[USERNAME] here is a proxy for my actual username. Yes, the location of my old home folder may seem a little bizarre.
Code:
sudo mount -t ecryptfs /media/c82ca9fe-2b15-4aca-a98d-6482b1d80a32/home/[USERNAME]/ /home/[USERNAME]/oldhome
Passphrase:
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
[Code].....
View 9 Replies
View Related
Nov 13, 2010
I've just reinstalled my box with an encrypted home (used the encrypt home option when installing). I have a query in this regard - suppose I lose the box. Won't it be possible for someone to drop into root, reset my passwd and then access my /home. Is there anyway of having a different passwd for accessing /home? My ~ is on a different partition from /.
View 3 Replies
View Related
Apr 8, 2011
I have to operating systems installed, Ubuntu 10.10 and Windows 7, working perfectly. I also have a partition, currently empty, to be shared between both OS, but I would like that partition to be encrypted.
View 2 Replies
View Related
Apr 25, 2011
I'm running Thunderbird with Enigmail, and I have this very annoying problem. When I open an encrypted email for the first time, it asks me for my key password. It then remembers my password. This is fine for a few minutes, since I don't want to enter the password every time if I look at seven emails in five minutes. However, I WOULD like it to EVENTUALLY forget. At the moment, it doesn't even forget if I shut off Thunderbird. I have to restart my computer, in fact.
The preferences for Enigmail don't help. I've configured it to remember the password for 0 minutes, for example. I don't know how to edit the preferences for gpg-agent or anything else like that.
View 2 Replies
View Related
Jan 25, 2011
I want to install Ubuntu 10.04 in my USB flash drive and boot from it because in my working place, only centos is installed in workstations.In advance, I thought of encrypting the installation of Ubuntu in the USB flash drive and In would be very thankfull if some can give me some help regarding this.Basically what I need is, encrypted Ubuntu installation in my usb fashdrive and can boot from it.
View 2 Replies
View Related
Feb 22, 2010
I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments, ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.
View 9 Replies
View Related
Feb 25, 2010
I have recently recovered from an HDD failure on my Drobo. One of the disks died and corrupted the entire array (which is not supposed to happen). I have since managed to copy the data off onto smaller disks and after replacing the failed drive, have copied everything back.
Now that im up and running again, i was wondering how this situation would play out on encrypted disks, or in the case of a drobo a large encrypted partition (as you cannot encrypt the entire array).
Would i still be able to recover the data if i were to encrypt it? It is a 4.2TB array, and i assume that I would need to copy the data in its entirety to recover it, so using multiple smaller disks would be out of the question right?
View 5 Replies
View Related
