2014-02-28 // Backup verschlüsselt auf FTP-Server speichern
Viele Hosting-Anbieter stellen kostenlosen FTP-Backupspace zur Verfügung. Da die Daten bei FTP unverschlüsselt übertragen und später gespeichert werden, sollte jeder sicherheitsbewusste Admin seine Backups vorher verschlüsseln. Ich habe da mal etwas vorbereitet 
Benötigte Pakete:
opensslpvncftp
Installation unter Debian
aptitude install openssl pv ncftp
Beispiel
dev:~$ ftpbackup backup.gz
BASH Skript
- ftpbackup
#!/bin/bash # FTP Login HOST='ftp.example.com' PORT='21' USER='foo' PASS='bar' # Encryption ENCKEY='!! CHANGE-ME !!' DIGEST='sha256' CIPHER='aes-256-cbc' SUFFIX='.enc' if [ $# -lt 1 ]; then echo -e "Encrypt and upload a file to ftp://$HOST\n" >&2 echo -e "Usage: $(basename "$0") <file>\n" >&2 exit 1 fi if [ ! -f "$1" ]; then echo -e "Error: File '$1' not found.\n" >&2 exit 1 fi checkBinarys() { BINS=("$@") for BIN in "${BINS[@]}"; do hash $BIN 2>/dev/null || { echo -e "Error: Binary '$BIN' is missing.\n" >&2 exit 1 } done } # Check if all needed binarys are present checkBinarys "openssl" "pv" "ncftpput" # Encrypt & Upload openssl "$CIPHER" -salt -md "$DIGEST" -k "$ENCKEY" -in "$1" | pv -bper -s $(stat -c%s "$1") | ncftpput -c -r 1 -u "$USER" -p "$PASS" -P $PORT "$HOST" /"$1$SUFFIX" || { echo -e "\nError: Upload failed.\n" >&2 exit 1 }
Backup wieder entschlüsseln
dev:~$ openssl aes-256-cbc -d -salt -md sha256 -k '!! CHANGE-ME !!' -in backup.gz.enc -out backup.gz
Leave a comment…
- E-Mail address will not be published.
- Formatting:
//italic// __underlined__
**bold**''preformatted'' - Links:
[[http://example.com]]
[[http://example.com|Link Text]] - Quotation:
> This is a quote. Don't forget the space in front of the text: "> "
- Code:
<code>This is unspecific source code</code>
<code [lang]>This is specifc [lang] code</code>
<code php><?php echo 'example'; ?></code>
Available: html, css, javascript, bash, cpp, … - Lists:
Indent your text by two spaces and use a * for
each unordered list item or a - for ordered ones.
