Not sure when it was added; 17 is before I used Bareos. 

In your job emails do you see PSK anywhere? By default it logs and tries to 
encrypt unless disabled. 

This is over the wire from client to SD, not at rest. 

Sent from my iPhone
Brock Palen

> On Dec 30, 2020, at 11:05 AM, Gonçalo Sousa <[email protected]> wrote:
> 
> My bareOS is 17.2; does it encrypt by default?
> 
>> On Monday, December 21, 2020 at 4:34:02 PM UTC [email protected] 
>> wrote:
>> Personally I would not use data encryption at the client if not required. 
>> Use the newer versions of Bareos where it uses PSK (pre shared keys) using 
>> the password to set up an encrypted tunnel over which the data rides. Thus 
>> it lands on your SD unencrypted but the data is encrypted over the wire. 
>> 
>> If you need to encrypt the data at rest use LVM or Fuse encryption for disk 
>> volumes, and LTO encryption for tape. This will encrypt the data at rest, 
>> but avoid managing keys for clients. Also makes restores not dependent on 
>> those SSL certs only for the disk volume and tape which is all managed on 
>> the server and can be easily replicated by the admin team. (I keep all my 
>> tape secret in 1password encrypted note and GPG encrypted file, and only 
>> needed if I lose my catalog dump/backup, which is treated differently than 
>> my client backups). 
>> 
>> 
>> The only reason I see today to use File Daemon Encryption as documented in 
>> that page is if you need to promise the client you cannot access their data. 
>> That is _only_ true if only the client has the private key, AND to double 
>> what MK said there is huge risk that the client will lose that key and not 
>> have it recoverable when you need to do a restore. 
>> 
>> 
>> If you rely on encryption using PSK, which should be automatic in any recent 
>> Bareos version, it’s much less error prone. 
>> E.g. look for: Connected Client: mlds at mlds:9102, encryption: 
>> PSK-AES256-CBC-SHA 
>> 
>> In your job logs. I do this all without managing certificates on the FD. 
>> 
>> 
>> Brock Palen 
>> [email protected] 
>> www.mlds-networks.com 
>> Websites, Linux, Hosting, Joomla, Consulting 
>> 
>> 
>> 
>> > On Dec 21, 2020, at 8:21 AM, Spadajspadaj <[email protected]> wrote: 
>> > 
>> > bareos-fd.conf is a configuration file for bareos-filedaemon. Bareos 
>> > filedaemon is the program running on the client which you are backing up. 
>> > 
>> > As per the documentation (which you already found), all data is encrypted 
>> > on client prior to being sent to server (or to Storage Daemon, to be 
>> > precise). 
>> > 
>> > But please, read the documentation again (and again if need be) so you 
>> > understand how it's working so you don't accidentally lose your keys (and 
>> > hence any possibility of decrypting the backed up data!). 
>> > 
>> > 
>> > 
>> > Best regards, 
>> > 
>> > MK 
>> > 
>> > On 21/12/2020 14:14, Gonçalo Sousa wrote: 
>> >> Can someone help me please 
>> >> 
>> >> On Monday, December 7, 2020 at 4:04:51 PM UTC Gonçalo Sousa wrote: 
>> >> 
>> >> I am trying to implement data encryption on bareOS following this 
>> >> documentation: 
>> >> https://docs.bareos.org/TasksAndConcepts/DataEncryption.html 
>> >> 
>> >> I have already created/generated the .cert, .pem and .key files on the 
>> >> BareOS server. 
>> >> 
>> >> My question is where do I configure them, on the example only mentions 
>> >> bareos-fd.conf 
>> >> Is this file located on /etc/bareos/bareos-dir.d/client/ ? 
>> >> 
>> >> All the keys, pem and cert files must be located on the BareOS server 
>> >> right? 
>> >> All the configuration is only made on the BareOS right? 
>> >> -- 
>> >> You received this message because you are subscribed to the Google Groups 
>> >> "bareos-users" group. 
>> >> To unsubscribe from this group and stop receiving emails from it, send an 
>> >> email to [email protected]. 
>> >> To view this discussion on the web visit 
>> >> https://groups.google.com/d/msgid/bareos-users/955a1789-27f7-4f96-84a5-808aac6a2698n%40googlegroups.com.
>> >>  
>> > 
>> 
> 

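A check for the job-log line mentioned in the thread (`Connected Client: ... encryption: PSK-AES256-CBC-SHA`), as an added example that is not part of the original messages or of Bareos itself: it scans job log text and lists jobs where the line is missing or reports no cipher. The sample logs, job names and hosts are constructed, and the value `None` for an unencrypted connection is an assumption.

```python
import re

# Job-log line quoted in the thread:
#   Connected Client: mlds at mlds:9102, encryption: PSK-AES256-CBC-SHA
# \s* after "encryption:" tolerates a line wrap inserted by a mail client.
CLIENT_LINE = re.compile(
    r"Connected Client:\s*(?P<client>\S+)\s+at\s+(?P<addr>\S+),\s*"
    r"encryption:\s*(?P<cipher>[A-Za-z0-9_-]+)"
)

def classify_job(log_text):
    """Return (status, ciphers) for one job's log text.

    status is 'encrypted', 'plaintext' or 'not-logged'.
    """
    ciphers = [m.group("cipher") for m in CLIENT_LINE.finditer(log_text)]
    if not ciphers:
        # Line absent, e.g. a version that does not log the cipher.
        return ("not-logged", [])
    # ASSUMPTION: an unencrypted connection is reported as "None".
    if any(c.lower() == "none" for c in ciphers):
        return ("plaintext", ciphers)
    return ("encrypted", ciphers)

def audit(job_logs):
    """Classify every job and list the ones that need follow-up."""
    results = {name: classify_job(text) for name, text in job_logs.items()}
    follow_up = sorted(n for n, (status, _) in results.items()
                       if status != "encrypted")
    return results, follow_up

# Constructed sample logs (hypothetical job names, hosts and timestamps).
SAMPLE_LOGS = {
    "backup-mlds": "30-Dec 11:00 bareos-dir JobId 41: Connected Client: "
                   "mlds at mlds:9102, encryption: PSK-AES256-CBC-SHA\n",
    "backup-wrapped": "Connected Client: mlds at mlds:9102, encryption: \n"
                      "PSK-AES256-CBC-SHA\n",
    "backup-plain": "30-Dec 11:05 bareos-dir JobId 42: Connected Client: "
                    "web01 at web01:9102, encryption: None\n",
    "backup-old": "30-Dec 11:10 bareos-dir JobId 43: Start Backup JobId 43\n",
}

if __name__ == "__main__":
    results, follow_up = audit(SAMPLE_LOGS)
    for name in sorted(results):
        print(name, *results[name])
    print("needs follow-up:", follow_up)
```

A `not-logged` result does not prove the connection was unencrypted; it only means the job log gives no evidence either way.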