Viewing a response to: @l0k1/how-to-secure-a-server-with-an-encrypted-volume-to-back-up-your-home-folder
hiveblocksThe major problem with your approach is the `PASSWORD` is stored in clear text on your disk. Instead of using a password, I use SSH-keys. It works like this:
1. **Create a ssh key**
ssh-kegen
2. **Store the key in the server's authorized key**
ssh-copy-id <user@server>
This step adds the content of `~/.ssh/id_rsa.pub` (the public key) to the `~/.ssh/authorized_keys` file **on the server**. This file is used by the server to verify if the user is allowed to login (only if he has the corresponding private key)
3. **Login**
SSH automates the whole process with keyesxchange and stuff so that you only need to do
ssh <user@server>
If everything is setup properly you don't even need to provide a password.
Have fun!| author | xeroc |
|---|---|
| permlink | re-l0k1-how-to-secure-a-server-with-an-encrypted-volume-to-back-up-your-home-folder-20160907t060107508z |
| category | development |
| json_metadata | {"tags":["development"]} |
| created | 2016-09-07 06:01:06 |
| last_update | 2016-09-07 06:01:06 |
| depth | 1 |
| children | 2 |
| last_payout | 2016-10-08 05:43:09 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 1.270 HBD |
| curator_payout_value | 0.001 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 759 |
| author_reputation | 118,819,064,085,695 |
| root_title | "How to secure a server with an encrypted volume to back up your home folder." |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 1,155,610 |
| net_rshares | 2,357,723,053,966 |
| author_curate_reward | "" |
| voter | weight | wgt% | rshares | pct | time |
|---|---|---|---|---|---|
| anonymous | 0 | 375,843,464,624 | 100% | ||
| xeroc | 0 | 1,690,074,992,075 | 100% | ||
| steve-walschot | 0 | 145,711,133,864 | 100% | ||
| michaelx | 0 | 33,790,400,161 | 100% | ||
| mrhankeh | 0 | 523,414,717 | 100% | ||
| isteemit | 0 | 38,703,850,548 | 100% | ||
| billykeed | 0 | 1,862,836,189 | 100% | ||
| wildchild | 0 | 96,640,276 | 100% | ||
| paynode | 0 | 1,215,542,017 | 100% | ||
| stevescriber | 0 | 60,730,988 | 100% | ||
| loli | 0 | 51,247,757 | 100% | ||
| jaredcwillis | 0 | 8,260,249,844 | 100% | ||
| l0k1 | 0 | 3,607,401,833 | 100% | ||
| tracemayer | 0 | 57,921,149,073 | 100% |
Yeah, I think, though, what's the damn difference anyway? If someone gains control of my user account on my machine, does it actually matter if they have the password or SSH cert for the root of my backup server? The result is the same. It was just quicker for me to do it with a password. I don't have to remember it either, it's in my scripts. Good to remind me though, it should really be set to 700 mode. I am pretty sure they are though. btw, i think it's **ssh-keygen** , just a little typo. I don't think you get grammar nazi status in IT for typo correcting ;)
| author | l0k1 |
|---|---|
| permlink | re-xeroc-re-l0k1-how-to-secure-a-server-with-an-encrypted-volume-to-back-up-your-home-folder-20160907t081011276z |
| category | development |
| json_metadata | {"tags":["development"]} |
| created | 2016-09-07 08:10:12 |
| last_update | 2016-09-07 08:12:48 |
| depth | 2 |
| children | 0 |
| last_payout | 2016-10-08 05:43:09 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.000 HBD |
| curator_payout_value | 0.000 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 571 |
| author_reputation | 94,800,257,230,993 |
| root_title | "How to secure a server with an encrypted volume to back up your home folder." |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 1,156,452 |
| net_rshares | 242,307,857 |
| author_curate_reward | "" |
| voter | weight | wgt% | rshares | pct | time |
|---|---|---|---|---|---|
| realme | 0 | 242,307,857 | 100% |
As @l0k1 pointed out, simply using keys doesn't make much difference. But what you can do to improve the security of the server, is restricting the commands that can be run. You can do this by using the option `command="..."` in the `authorized_keys` file. Then, for each command you create a separate key. The man page `sshd(8)` has some information on this in the section "AUTHORIZED_KEYS FILE FORMAT".
| author | realme |
|---|---|
| permlink | re-xeroc-re-l0k1-how-to-secure-a-server-with-an-encrypted-volume-to-back-up-your-home-folder-20160907t160709003z |
| category | development |
| json_metadata | {"tags":["development"],"users":["l0k1"]} |
| created | 2016-09-07 16:07:12 |
| last_update | 2016-09-07 16:07:12 |
| depth | 2 |
| children | 0 |
| last_payout | 2016-10-08 05:43:09 |
| cashout_time | 1969-12-31 23:59:59 |
| total_payout_value | 0.000 HBD |
| curator_payout_value | 0.000 HBD |
| pending_payout_value | 0.000 HBD |
| promoted | 0.000 HBD |
| body_length | 404 |
| author_reputation | 49,351,409,465 |
| root_title | "How to secure a server with an encrypted volume to back up your home folder." |
| beneficiaries | [] |
| max_accepted_payout | 1,000,000.000 HBD |
| percent_hbd | 10,000 |
| post_id | 1,160,281 |
| net_rshares | 242,307,857 |
| author_curate_reward | "" |
| voter | weight | wgt% | rshares | pct | time |
|---|---|---|---|---|---|
| realme | 0 | 242,307,857 | 100% |