TechDocs/OfficeBackUp

Features

This backup script is a graphical wrapper for duplicity. For the older encfs based backup see /encfs.

Limitations

... as of 2016-08-25 (svn rev. 283)

Setup and Use

Software Requirements

Use your package manager to make sure the above mentioned software is installed. Then download and run backup.sh. Usually you will have to set the executable flag before running a downloaded file.

Technical Idea

From the duplicity manual:

  • Duplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.

Duplicity is a command line based tool. This script provides a graphical wrapper, handling authentication and setup. Bckup runs are kept incremental for 6 month, after 6 month a new full backup will be performed.

Authentication

All data transfer to and from the backup server is done via Rsync/SSH. Each backup user has a separate system account on the backup server. Authentication to the server is performed via ssh public key. The backup program generates its own ssh keypair. The same passphrase is used for the ssh key and the backup encryption.

Changing a password

Should the passphrase be changed, it must be changed for the ssh key, and for existing backup archives. The latter is tricky. It is also possible to start a new backup chain, by performing a full backup manually. However, when this is done the old passphrase is still required for restoring existing archives.

Setup on Backup Server

The backup server must provide ssh public key logins for each user as well as rsync.

The backup server in the Berlin office is a RaspberryPi model 1B+ running raspbian wheezy. The system was installed via the Raspbian unattended installer. As storage device we use an external hard disk attached to the computer and running 24/7. Backup users currently have full shell access.

TechDocs/OfficeBackUp (last edited 2016-08-25 14:15:57 by paul)