Enable LUKS encrypted USB disks to backup safely
I would like to add my vote to this feature : allow backup in web interface to encrypted USB hard drives with LUKS/Cryptsetup.
It would be in my opinion relatively easy to add this feature, as the package is available for debian Jessie as Luks is available :
apt-get install cryptsetup
We can then create LUKS volume on USB disks, and allow automatic unlocking if a special keyfile is present. The keyfile could be on a USB stick to store it separately also.
I manually did it with a cron task that unlocks the luks volume then mount the partition, does a rsync, and then unmounts and locks the volume.
I just had a surprise that if the mount operation did not work correctly I had to check for the disk, else the 4GB root partition fills up very quickly!
Here are my sources :
Here is my CRON task :
file : /media/mount_rsync_umount.sh
cryptsetup -d /secure/keyfile.luks luksOpen /dev/sdj1 LUKS0001
cryptsetup -d /secure/keyfile.luks luksOpen /dev/sdh1 LUKS0001
cryptsetup -d /secure/keyfile.luks luksOpen /dev/sdg1 LUKS0001
cryptsetup -d /secure/keyfile.luks luksOpen /dev/sdi1 LUKS0001
cryptsetup -d /secure/keyfile.luks luksOpen /dev/sdk1 LUKS0001
mount /dev/mapper/LUKS0001 /media/sdg1
mount /dev/mapper/USB /media/sdg1
rsync -av --exclude-from '/media/exclude-list.txt' "/VOLUME" "/media/sdg1/" > /VOLUME/RSYNC_LOGS/log.log
cryptsetup luksClose /dev/mapper/LUKS0001
cryptsetup luksClose /dev/mapper/USB
sorry if it not very clean I am not a full time Debian/Bash admin
Hope it helps!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.