I’m pretty sure I tested an amrecover (not a whole amrestore) with my setup, where the server does the encryption. And it worked, I mean. Or I wouldn’t have continued.

I might only have tested an amrecover ON the server though, and not on the client. Mine are all connected, so I guess I figured I could recover onto the server & transport later (more likely, it just didn’t occur to me to test from a client). Or maybe I did …. Let us know how your test works.

Deb Baddorf

On Mar 13, 2015, at 3:46 PM, Oscar Ricardo Silva <[email protected]> wrote:

> The idea behind client encryption is to treat each server/sysadmin as an
> independent operator and with encryption done by the client the contents of
> the tapes (or in our case, vtapes) wouldn't necessarily be accessible to the
> amanda server operator.
>
> Ultimately, server encryption gets us a little closer. We're already
> transmitting the backups over ssh so that gets us some privacy over the wire.
> I'll switch over one of my test systems to "server encryption" and see how
> that works.
>
> Thank you for the reply and the "bump"
>
> Oscar
>
> On 03/13/2015 03:33 PM, Debra S Baddorf wrote:
>> Since you’ve gotten no answers yet (I know very little): might this be
>> related to whether the client or the server is the one doing the unpacking
>> of the dump, and in turn, which one of those also did the encrypting?
>>
>> I do some encrypting on one small set of nodes, but the server does the
>> encrypting. I’m merely making sure the tapes are encrypted so they can be
>> stored remotely. Any reason why you have the client itself doing the
>> encryption? I suppose it is more private that way ….. specially if the data
>> is going over the network and might be seen there.
>>
>> This is by way of starting a discussion, and also “bump”.
>>
>> Deb Baddorf
>> Fermilab
>>
>> On Mar 12, 2015, at 5:21 PM, Oscar Ricardo Silva <[email protected]> wrote:
>>
>>> I've been testing encrypted storage of backups but am confused as to how to
>>> restore files. In my setup, I run the backup server with other sysadmins
>>> running the individual servers being backed up and ideally I'd like for
>>> these sysadmins to restore files from the client systems without bothering
>>> me ... I mean "without involving me" ...
>>>
>>> I've had no luck restoring files using amrecover (one server encrypted with
>>> amcrypt-ossl and another with amcrypt-ossl-asym) so I decided to review the
>>> man page and saw:
>>>
>>> ***************************
>>> Note
>>> The Default values are those set at compile-time. Use amrestore to recover
>>> client-encrypted or client-custom-compressed tapes.
>>> ***************************
>>>
>>> Does this mean that for the sysadmin of a client to restore files from an
>>> encrypted backup, they can only use amrestore and not amrecover? amrestore
>>> suggests (and I might be wrong) that the individual running it know a lot
>>> about how the backups are stored.
>>>
>>> The backups *SEEM* to run OK and using amrecover I can even browse the
>>> files that were backed up.
>>>
>>> I've reviewed the amanda HOWTOs and FAQ but while they describe the setup
>>> for encrypted storage of backups, I don't believe there are examples on
>>> restoring files.
>>>
>>> Oscar
