I'm trying to perform system backups from three or four client computers to a hard drive on a dedicated Linux server. I've spent about a week researching this, and setting up a test of what I'm trying to do. The backup data must be encrypted (preferably with something strong, e.g. aes256) both as it leaves the client computers (so that the data can't be intercepted on its way to the server) and as it's written to the backup hard drive. The backup space must somehow be mounted as a network drive on the client - this is absolutely necessary.
My solution was to set up Samba and TrueCrypt on Linux, have TrueCrypt use the entire hard drive as a container (only 1 partition on the hard drive, and it's not the same hd that the system is installed on), and mount it. Samba would then share the TrueCrypt mount.
I have some problems that I've unsuccessfully tried to Google that I'd like to ask about:
- How do I encrypt the data as it moves between the client and the server? I've seen many tutorials on using ssh to tunnel port 139, but I know that Windows file sharing uses more ports than that, so I assume that's just for the purpose of bypassing firewalls and moving it to another port? Is there any way to use OpenSSL (I've looked into it but don't really understand how to apply it to this situation)? Should I use OpenVPN (I have no VPN experience or knowledge but if it's the best way I'm willing to learn)?
- What does Samba do when the share that it's sharing doesn't exist? I ask because I'm running into trouble where I can unmount the TrueCrypt container (which is the Samba share), but on the client I can still write to the Samba share (which theoretically shouldn't exist). It's likely that my Samba is misconfigured, correct?
I'd appreciate any help.
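
On the second question, as an added example that is not part of the original post: after the container is unmounted, the mount-point directory itself still exists on the system disk, so a share whose `path` points at it keeps accepting writes, and those land unencrypted. The sketch below is a guard script for Samba's `root preexec` hook that refuses the connection unless the share path is a live mount point; the path `/mnt/backup`, the share name and the script location are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. /mnt/backup, the share name and
# the script path are assumptions.
#
# smb.conf fragment that calls this script before each connection:
#   [backup]
#   path = /mnt/backup
#   root preexec = /usr/local/sbin/smb-guard.sh /mnt/backup
#   root preexec close = yes

# /proc/mounts escapes space, tab, newline and backslash in paths as octal
# (\040 \011 \012 \134). printf '%b' expands \0NNN, so insert the 0 first.
decode_mount_field() {
    printf '%b' "$(printf '%s' "$1" | sed 's/\\\([0-7][0-7][0-7]\)/\\0\1/g')"
}

# is_mounted PATH [MOUNTS_FILE]: succeed only if PATH is the mount target of
# some entry (second field) in the mounts table.
is_mounted() {
    target=$1
    mounts=${2:-/proc/mounts}
    while read -r _dev mnt _rest; do
        if [ "$(decode_mount_field "$mnt")" = "$target" ]; then
            return 0
        fi
    done < "$mounts"
    return 1
}

# guard_share PATH [MOUNTS_FILE]: status seen by "root preexec". With
# "root preexec close = yes", non-zero makes Samba refuse the connection.
guard_share() {
    if is_mounted "$1" "${2:-/proc/mounts}"; then
        return 0
    fi
    echo "smb-guard: $1 is not a mount point, refusing share" >&2
    return 1
}

# Run as a script: smb-guard.sh /mnt/backup
if [ "$#" -gt 0 ]; then
    guard_share "$1" || exit 1
fi
```

The check only proves that something is mounted at the path, not that it is the encrypted volume; comparing the first field of the matching line against the expected device would tighten it.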