Hi All

CentOS5.x
We have a auto backup system that rsyncs all our vital data to a backup server over our network. The final step in this is to get the backup server to rsync with one of our remote sites for the off site backup.

We have lately been visited by the boys from .ru and .ro due to good passwords we have managed to keep the visitor out of the network, we also changed out ssh port away from the default for better security.

We would like the backup system to be totally automatic, when I was reading up on the bruteforce attacks I read recommendations that we should have ssh that need passwords to be manually inserted for extra security.

How secure is sharing NFS folders over the internet. we would configure only one host to have access to the share is this enough for us or should we think deeper here.

Advice and ideas would be very welcomed.

Hi,

Personally, I would never make an NFS share available over the Internet.

You're opening up your server to any insecurities in the NFS protocol and, as NFS is not encrypted, whenever you accessed a file it would be transmitted in plain text through the cloud.

If you already have SSH set-up and secured why not use 'rsync' over SSH?
http://troy.jdmz.net/rsync/index.html

Hope this helps.

NFS (v3) isn't encrypted, so completely wrong. v4 seems to support encryption, so try asking Google how to do it, and make sure both ends support NFS v4, etc.

I'd go with rsync over ssh or sshfs

Thanks for the input guys. I will maybe get back when/if I need help with passwordless ssh