LinuxQuestions.org
Old 10-06-2013, 12:23 PM   #1
ziphem
Member
 
Registered: Feb 2004
Location: US / EU
Distribution: Fedora 31
Posts: 225

Rep: Reputation: 29
Secure backup from Windows to Linux


So far I have a decent enough solution for backing up my Linux machine onto my Linux server. However, I don't think I have the best solution to back up a family member's Windows machine onto this Linux server. I'm hoping I could get some others' opinions on how to automate this system, as well as improve security.

The Windows machine backs up to my Linux server by rsyncing over SSH (cwrsync). The target backup folder is encrypted in TrueCrypt, which the source (Windows) machine decrypts prior to running the rsync commands. The process looks like:
1) manually run c:\backup.bat
2) plink - enter ssh key passphrase - and pass the decrypt command and password, which is stored in the .bat in plaintext. This command is preceded by a space, and the server is set to not record history when commands are preceded by a space.
3) ssh (re-enter key passphrase again) and perform rsync
4) plink - enter ssh key passphrase - and re-encrypt the truecrypt folder. Again, this command is preceded by a space so as not to be recorded in bash history.

I don't have so much a concern about the password being stored in the source (Windows) machine .bat file as plain text, since that's the same location the source files (unencrypted) are stored. If someone has access to that .bat, they have access to all the source files in any case!

I use the same method for my linux-linux backups, but I do recognize I have some better ways of doing this - maybe something like rsyncrypto. I will look into that in the coming weeks. But my primary concern here is the Windows-Linux backup, since that seems the most problematic. I do have 2 primary concerns with it:

First, aside from the target's bash history file, are these commands (i.e., the truecrypt password that's being sent plaintext via the .bat file) potentially being stored elsewhere in my linux server? Where / how can I check?

Second, is there a way to better automate this 'solution'? Should I drop this entirely and go with, say, the Crashplan offline (non-cloud, PC to PC - see http://www.crashplan.com/consumer/crashplan.html) backup software? I dislike using a service where I have to register, or any of my information is stored with third party, but I also acknowledge that that may be by far the easiest and potentially a more secure method of data backup - and that's what matters most.

I suppose a more user-friendly approach would be to create a local truecrypt folder, do the decryption locally, sync to that local folder, recrypt, and then simply rsync that file folder with the Linux box. This would be the same manner I was using for dropbox backups. I figured, though, that this would just create a duplicated waste of 250GB (that's how big the backup folder is!).

I'd greatly appreciate any suggestions or further information! Thanks a ton!!

Last edited by ziphem; 10-06-2013 at 12:45 PM.
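
Added example (not part of the original post), on the first question above: besides bash history, a passphrase sent as part of a command is visible in the process argument list, which local users can read from /proc (the data `ps` shows) while the command runs. The script compares passing it as an argument with passing it on stdin; `fake-mount`, its options and the passphrase are constructed stand-ins, not TrueCrypt's real interface.

```sh
#!/bin/sh
# Added example. SECRET and the "fake-mount" name/options are constructed stand-ins.
SECRET='constructed-passphrase-42'

# argv of PID $1 as read from /proc (the same data ps displays).
argv_of() { { tr '\0' ' ' < "/proc/$1/cmdline"; } 2>/dev/null || true; }

# Wait (at most ~5 s) until the background child has exec'd the stand-in command.
wait_for_exec() {
    i=0
    while [ "$i" -lt 50 ]; do
        case "$(argv_of "$1")" in *fake-mount*) return 0 ;; esac
        sleep 0.1
        i=$((i + 1))
    done
    return 1
}

# Start the stand-in in mode $1 ("argv" or "stdin") and print "exposed" if the
# passphrase can be read from its argument list, "hidden" if it cannot.
check_exposure() {
    local pid result
    result=hidden
    if [ "$1" = argv ]; then
        # Passphrase is part of the command line, as in the scripted unlock step.
        sh -c 'sleep 3; :' fake-mount --password="$SECRET" >/dev/null 2>&1 &
    else
        # Passphrase is written to the tool's stdin; argv carries no secret.
        printf '%s\n' "$SECRET" |
            sh -c 'read -r pw; sleep 3; :' fake-mount --password-from-stdin >/dev/null 2>&1 &
    fi
    pid=$!
    if wait_for_exec "$pid"; then
        case "$(argv_of "$pid")" in *"$SECRET"*) result=exposed ;; esac
    else
        result=unknown
    fi
    kill "$pid" 2>/dev/null || true
    wait "$pid" 2>/dev/null || true
    echo "$result"
}

echo "passphrase as argument: $(check_exposure argv)"
echo "passphrase on stdin:    $(check_exposure stdin)"
```

The same argument list is what an audit rule that logs execve calls would record, so those logs are another place to check on the server.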
 
Old 10-11-2013, 10:16 AM   #2
zeebra
Senior Member
 
Registered: Dec 2011
Distribution: Slackware
Posts: 1,834
Blog Entries: 17

Rep: Reputation: 644
What are you trying to accomplish exactly? There really is not a good way to do things in Windows usually.

Are your Windows and Linux two different machines? If it is the same machine, then use a Fat32 partition to copy your Windows stuff to Linux distro and then back it up from there. Otherwise I would say the best option is to setup "secure FTP". In Linux you can also move data using SSH connection to the server. I don't think the same is possible in Windows.

Perhaps you can say something more about the setup you have.
Is the server on the internet or just a home network server?
What exactly are you trying to backup?
 
Old 10-11-2013, 01:34 PM   #3
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,992

Rep: Reputation: 551
could you not setup a share point from the MS system, mount it as CIFS in the linux box and just use rsync to pull the data across?
 
Old 10-11-2013, 02:42 PM   #4
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Arch/Manjaro, might try Slackware again
Posts: 1,859
Blog Entries: 14

Rep: Reputation: 285
I would run automatic backups to a network mount on the linux server. I have used Acronis for that job, which allows for incremental and encrypted backups. No cloud, no registering. Of course it isn't open source and it costs money, but the same can be said for Windows.
 
Old 10-12-2013, 01:19 AM   #5
ziphem
Member
 
Registered: Feb 2004
Location: US / EU
Distribution: Fedora 31
Posts: 225

Original Poster
Rep: Reputation: 29
Thanks for all the responses!

Quote:
What are you trying to accomplish exactly? There really is not a good way to do things in Windows usually.
I installed this little fanless computer, with only CentOS, in a relative's home. There are 2 backups going on here:
1. I backup my files from my primary (Fedora) computer, where I live, in one state, to this CentOS 'backup server', which is located in my relative's home. This is in another state.
2. My relative backs up their home (Windows 7) computer to the CentOS backup server. The Windows 7 computer and CentOS server are in the same household, on the same network.

For my own Fedora backups, I've been connecting via SSH and making a mirror of all my documents at night via Rsync, automatically via script. The backups made onto the CentOS computer are stored in a TrueCrypt folder on the CentOS computer. Because I'm working with lots of volume, how I managed the backup up to this point was to use HISTCONTROL=ignorespace in CentOS .bashrc, and in my SSH login script, actually send the TrueCrypt password to unlock and mount the TrueCrypt container, preceded by a space. The following line in my backup script then rsyncs Fedora with the backup PC. On logout, the bash script locks the TrueCrypt folder again. I keep the documents in TrueCrypt, locked, in case someone breaks in and steals (or hacks) the CentOS. This way, my files are protected - or at least as best as I knew how.

Regarding the Fedora - CentOS backup method, I have since discovered Duplicity. I know, it's been around for a while, but it's a continuous learning process, I guess. In any case, I plan to switch my Fedora - CentOS backup method from the TrueCrypt setup I have now to Duplicity in the coming weeks.

Now back to the biggest issue: automated Windows 7 to CentOS backup. As mentioned, the Windows 7 machine and the CentOS machine are on the same LAN. I'd like to have the same setup so that the backup files are encrypted on CentOS.

Quote:
I would run automatic backups to a network mount on the linux server.
I really like that these backups from Acronis are incremental and encrypted.

Quote:
could you not setup a share point from the MS system, mount it as CIFS in the linux box and just use rsync to pull the data across?
I liked this suggestion. So basically how this would work would be a sync of the Windows files to the shared folder, which in essence would be syncing to the Linux folder? I think this will still leave the backed up files unencrypted on the CentOS system; to encrypt them, I'd either have to leave the decryption key in memory (to decrypt in order to rsync) or pass the password plaintext to decrypt, so this still leaves the same issue.

These responses gave me some new perspective, and with this, I did another search and found some instructions on mounting the Linux folder in Windows - http://www.alirezabagheri.com/blog/?p=67.

If I can mount, and I can write as well as read, then I can use some native Windows application to do a secure backup to the mapped network location, right? Or, in the worst case, I can use the same old TrueCrypt decryption method I'm using - passing the password in plain text - except that this time, it wouldn't go over the network and get run on the CentOS machine. Rather, the Windows TrueCrypt program would mount the TrueCrypt volume (accessible on the shared CentOS folder) on the Windows machine. The password would be passed to decrypt this folder, plain-text, also only on the Windows machine - which doesn't really matter, since this is where all the important files to be backed up are anyway, so no additional risk. I could then use some Windows incremental backup program.

What do you think of that approach?

Thanks again for the responses!!
 
Old 10-12-2013, 09:19 AM   #6
zeebra
Senior Member
 
Registered: Dec 2011
Distribution: Slackware
Posts: 1,834
Blog Entries: 17

Rep: Reputation: 644
Thanks for the info. This is an interesting scenario of course. How I would do that basically depends if I would want completely automatic backup, partially automatic and partially manual or only manual.

Personally I always dislike automatic stuff.

Running a secure server with encrypted data sounds like a good idea. As I understand you want some kind of timed mechanism to store files at X days in between. You login on your server with the client machine, you decrypt and open the storage space automatically, drop the data there and then encrypt and disconnect the storage area again.

A server is a server. Most operating systems with the proper tools can manage to use it for the intended purpose. Since I really don't use Windows much anymore, I don't think I can be helpful. Putty however is something that comes to mind when you mention SSH. I think putty also has some other protocols, rsync?

For windows I would say it is all about getting the correct programs/tools to remotely log in on another server and utilise a truecrypt storage area. To automate everything you would need to script it somehow. I think that would take about 3 different programs in Windows, including or excluding the script.

I think it is merely an issue of finding the correct program in Windows to handle such a thing.
Hopefully someone on this forum can help you with your exact situation and wishes.




Since it's windows, secure ftp sure sounds like the easiest solution to me. But it does not sound like that is what you would like, even for the windows machine.



Let me know what you find out in the end. I would be interested in knowing, as I could also be looking into similar solutions in the future.
 
Old 10-12-2013, 12:52 PM   #7
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,992

Rep: Reputation: 551
Quote:
Originally Posted by ziphem View Post
2. My relative backs up their home (Windows 7) computer to the CentOS backup server. The Windows 7 computer and CentOS server are in the same household, on the same network.
that being the case you have a few options.

1. create a share point on the Win7 box that the CentOS backup server can then mount as a CIFS mount point and perform your backup of choice. mine is rsync.

2. setup Samba on the CentOS box, mount the network share on win7 and use automated tasks built into win7 to backup up the data to that network share.

I've used both with good success.

You might also want to consider setting up X11 forwarding and RDP on win7, then setup/configure connecting from your home to CentOS to win7 for GUI remote access to the win7 box to verify that things are functioning properly for your family member.

IMHO option #1 is the easier and more reliable to setup/configure.

Quote:
I liked this suggestion. So basically how this would work would be a sync of the Windows files to the shared folder, which in essence would be syncing to the Linux folder? I think this will still leave the backed up files unencrypted on the CentOS system; to encrypt them, I'd either have to leave the decryption key in memory (to decrypt in order to rsync) or pass the password plaintext to decrypt, so this still leaves the same issue.
read the man page for rsync. it can encrypt on the fly, then if you have encrypted the storage location problem solved.

Last edited by lleb; 10-12-2013 at 12:54 PM.
 
Old 10-12-2013, 11:49 PM   #8
ziphem
Member
 
Registered: Feb 2004
Location: US / EU
Distribution: Fedora 31
Posts: 225

Original Poster
Rep: Reputation: 29
Quote:
For windows I would say it is all about getting the correct programs/tools to remotely log in on another server and utilise a truecrypt storage area. To automate everything you would need to script it somehow. I think that would take about 3 different programs in Windows, including or excluding the script.
Since the size of the Windows 7 backup is not that great, I think I'm going to either go with
1) a local TrueCrypt container (by local, I mean on the Windows machine) that I then either have the user rsync over ssh with keyfile plus password, or rsync over ssh with keyfile without password, depending on how the user feels about entering a PW manually every time
-or-
2) Give Duplicati a shot. Supposedly that works with SSH & keyfiles. I gave the program a quick view, but don't know since I haven't tried it.

I prefer the above 2 vs something like Crashplan's software. It's got nothing to do with politics - I just worry that it's going to route information or a connection outside of the LAN and that's more likely to be a security problem than a program that keeps everything behind the firewall. I'll give Duplicati a shot over the next weeks, and so will post back with how it worked out.

As for the Fedora-CentOS offsite backup, I do like the Duplicity idea very much, but the problem I envisage is with the full backups. Most posts I've read indicate that it's a good idea to do a "full" backup once a month. The problem: I'm on a cable modem, and I have a minimum of 60 gigs I want to back up (I'd prefer to backup the whole enchilada, so like 170GB). Cable modem uploads are not too fast, so it would literally be probably at least a full day every month - and what if the upload fails during that time? I would have to start over. It would be a different situation if I had FiOS, in which case I could do the full backup of the 60GB in just several hours.

Quote:
read the man page for rsync. it can encrypt on the fly, then if you have encrypted the storage location problem solved.
I'd of course like to stay with [an encrypted] rsync because the slow transfer speed for a full duplicity backup is prohibitive, however, I didn't see anything in man rsync regarding the encryption of the rsynced files. I did a lot of searches online as well, but didn't find anything. If I can do this, then problem solved. Can you point me in the right direction?

Thanks!
 
Old 10-13-2013, 10:06 AM   #9
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,992

Rep: Reputation: 551
rsync is encrypted via the ssh connection. keep in mind you can ssh even local.
 
  


All times are GMT -5. The time now is 06:51 PM.
