19
How secure is my local backup drive with ssfhs?
(discuss.tchncs.de)
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil.
No spam.
Posts are to be related to self-hosting.
Don't duplicate the full text of your blog or readme if you're providing a link.
Submission headline should match the article title.
No trolling.
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
It sounds pretty reasonable. As long as you keep SSH patched and keep the key safe it should be quite locked down. Do double-check that password login isn't allowed (or that all users have a very strong password).
One non-security note is be careful with rsync backup. Generally rsync isn't considered a backup as any mistakes made in the source will be propagated to the "backup" on next sync. Although there are ways to use rsync to take good backups (like copying to a new directory for each backup).
This might be a dumb question, but can I assume the keys are safe in the standard .ssh directory on Linux? Is there anything I should explicitly do to secure the private key?
You should be good with caveats:
chmod 700 ~/.sshchmod 600 ~/.ssh/id_rsaor id_ed25519, etc.chmod 644 ~/.ssh/id_rsa.pubYou can check with:
ls -la ~/.ssh/And of course encrypting the drive the files are on.
Generally speaking it will be fine. SSH will also refuse keys with open permissions so you would notice if it was wide-open to other users of the device.
But you know if you are running random code or AI harnesses as that user it can be at risk. Or if you copy around the key all over the place it is more likely to leak. But generally speaking you are secure by default, just don't do something dumb with the key and you'll have no problems.