
Offsite Backup

James F. Carter <jimc@math.ucla.edu>, 2013-12-07

Los Angeles is earthquake country, and a fire could also cause a total loss of the home information resources. While we occasionally put a backup disc in our bank's safe deposit box, security of the box is not exactly absolute, particularly in an earthquake. We also have a fireproof box, which is believed to be fairly effective but which cannot be tested. An offsite backup server would give us a lot of peace of mind.

Ben may have partially agreed to let an offsite backup server onto his net.

Requirements

Implementation Possibilities

Unless Ben thinks of something spectacular with Windows, it looks like the Linux box is the cleanest solution.

Implementation Details

So the total price tag would be $401.

How to Use It

The SSH protocol can use a variety of crypto algorithms at each step. Currently, with up-to-date versions at both ends, the initial key is established by Elliptic Curve Diffie-Hellman key exchange. This key is then used with the AES128-CTR algorithm and HMAC-MD5-ETM integrity checking. For mutual authentication the server has an ECDSA private key and the client has a saved copy of the certificate; this particular client user has an RSA private key (2048 bits) for which the server has the certificate, or GSSAPI (Kerberos) can be used.
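To check which of these algorithms a given connection actually negotiated, the following added example (not part of the original page) parses the client's `ssh -v` debug output. It goes beyond the paragraph by also handling the labelled line layout of later OpenSSH releases; the sample lines are constructed, and the audit policy (report MD5-based MACs and AEAD ciphers) is this example's assumption.

```python
import re

# Constructed `ssh -v` excerpts (not captured from the author's hosts).
# OLD is the per-direction layout of OpenSSH releases around 2013,
# NEW the labelled layout printed by later releases.
OLD = """\
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
"""
NEW = """\
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
"""

DIRECTION = re.compile(
    r"debug1: kex: (server->client|client->server) "
    r"(?:cipher: )?(\S+) (?:MAC: )?(\S+) (?:compression: )?\S+")
SINGLE = {"kex": re.compile(r"debug1: kex: algorithm: (\S+)"),
          "hostkey": re.compile(r"debug1: kex: host key algorithm: (\S+)")}

def parse_negotiation(debug_text):
    """Return what the log says was negotiated; absent items stay None."""
    neg = {"kex": None, "hostkey": None, "cipher": {}, "mac": {}}
    for line in debug_text.splitlines():
        m = DIRECTION.search(line)
        if m:
            neg["cipher"][m.group(1)] = m.group(2)
            neg["mac"][m.group(1)] = m.group(3)
        for name, rx in SINGLE.items():
            m = rx.search(line)
            if m:
                neg[name] = m.group(1)
    return neg

def audit(neg):
    """Findings under this example's assumed policy (not the author's)."""
    out = []
    for direction, mac in sorted(neg["mac"].items()):
        if "md5" in mac:
            out.append(f"{direction}: MD5-based MAC {mac}")
        if mac == "<implicit>":  # AEAD cipher carries its own integrity tag
            out.append(f"{direction}: no separate MAC, AEAD cipher "
                       f"{neg['cipher'][direction]}")
    if neg["kex"] is None:
        out.append("key exchange not named in this log layout")
    return out
```

Feed it the stderr of a real `ssh -v` run in place of the constructed samples; an empty list from `audit` means none of the assumed policy checks fired.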

Here is the scenario for setting up and using this backup machine.