27
How secure is my local backup drive with sshfs?
(discuss.tchncs.de)
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil.
No spam.
Posts are to be related to self-hosting.
Don't duplicate the full text of your blog or readme if you're providing a link.
Submission headline should match the article title.
No trolling.
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
You've made a great start. How much further you go depends on your needs and threat model.
Rsync is ok as a start but there are dedicated backup tools that will give you access to your files at any point in time. This is important if you delete a file and later need it back after an rsync has already run and deleted it remotely too.
Rsync will not encrypt your backups. If a burglar takes your Pi will they have easy access to all your files too?
With rsync+ssh you are also vulnerable to either yourself (more likely) or a rogue process on your own machine deleting the files over ssh (e.g. ransomware attack).
The answer to that is append-only backups. A backup tool like restic has a backend you can host that does exactly this:
https://github.com/restic/rest-server
Take a look at restic to see what else you gain from switching to a dedicated tool versus rsync:
https://github.com/restic/restic#design-principles
There are others too such as borg.