426 lines
13 KiB
HTML
426 lines
13 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
|
<head>
|
|
<title></title>
|
|
<!-- 2015-07-05 Sun 20:29 -->
|
|
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
|
<meta name="generator" content="Org-mode" />
|
|
<meta name="author" content="Bob Mottram" />
|
|
<meta name="description" content="Turn the Beaglebone Black into a personal communications server"
|
|
/>
|
|
<meta name="keywords" content="freedombox, debian, beaglebone, red matrix, email, web server, home server, internet, censorship, surveillance, social network, irc, jabber" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
|
<style type="text/css">
|
|
<!--/*--><![CDATA[/*><!--*/
|
|
.title { text-align: center;
|
|
margin-bottom: .2em; }
|
|
.subtitle { text-align: center;
|
|
font-size: medium;
|
|
font-weight: bold;
|
|
margin-top:0; }
|
|
.todo { font-family: monospace; color: red; }
|
|
.done { font-family: monospace; color: green; }
|
|
.priority { font-family: monospace; color: orange; }
|
|
.tag { background-color: #eee; font-family: monospace;
|
|
padding: 2px; font-size: 80%; font-weight: normal; }
|
|
.timestamp { color: #bebebe; }
|
|
.timestamp-kwd { color: #5f9ea0; }
|
|
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
|
|
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
|
|
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
|
|
.underline { text-decoration: underline; }
|
|
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
|
|
p.verse { margin-left: 3%; }
|
|
pre {
|
|
border: 1px solid #ccc;
|
|
box-shadow: 3px 3px 3px #eee;
|
|
padding: 8pt;
|
|
font-family: monospace;
|
|
overflow: auto;
|
|
margin: 1.2em;
|
|
}
|
|
pre.src {
|
|
position: relative;
|
|
overflow: visible;
|
|
padding-top: 1.2em;
|
|
}
|
|
pre.src:before {
|
|
display: none;
|
|
position: absolute;
|
|
background-color: white;
|
|
top: -10px;
|
|
right: 10px;
|
|
padding: 3px;
|
|
border: 1px solid black;
|
|
}
|
|
pre.src:hover:before { display: inline;}
|
|
pre.src-sh:before { content: 'sh'; }
|
|
pre.src-bash:before { content: 'sh'; }
|
|
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
|
|
pre.src-R:before { content: 'R'; }
|
|
pre.src-perl:before { content: 'Perl'; }
|
|
pre.src-java:before { content: 'Java'; }
|
|
pre.src-sql:before { content: 'SQL'; }
|
|
|
|
table { border-collapse:collapse; }
|
|
caption.t-above { caption-side: top; }
|
|
caption.t-bottom { caption-side: bottom; }
|
|
td, th { vertical-align:top; }
|
|
th.org-right { text-align: center; }
|
|
th.org-left { text-align: center; }
|
|
th.org-center { text-align: center; }
|
|
td.org-right { text-align: right; }
|
|
td.org-left { text-align: left; }
|
|
td.org-center { text-align: center; }
|
|
dt { font-weight: bold; }
|
|
.footpara:nth-child(2) { display: inline; }
|
|
.footpara { display: block; }
|
|
.footdef { margin-bottom: 1em; }
|
|
.figure { padding: 1em; }
|
|
.figure p { text-align: center; }
|
|
.inlinetask {
|
|
padding: 10px;
|
|
border: 2px solid gray;
|
|
margin: 10px;
|
|
background: #ffffcc;
|
|
}
|
|
#org-div-home-and-up
|
|
{ text-align: right; font-size: 70%; white-space: nowrap; }
|
|
textarea { overflow-x: auto; }
|
|
.linenr { font-size: smaller }
|
|
.code-highlighted { background-color: #ffff00; }
|
|
.org-info-js_info-navigation { border-style: none; }
|
|
#org-info-js_console-label
|
|
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
|
|
.org-info-js_search-highlight
|
|
{ background-color: #ffff00; color: #000000; font-weight: bold; }
|
|
/*]]>*/-->
|
|
</style>
|
|
<link rel="stylesheet" type="text/css"
|
|
href="http://sachachua.com/blog/wp-content/themes/sacha-v3/foundation/css/foundation.min.css"></link>
|
|
<link rel="stylesheet" type="text/css" href="http://sachachua.com/org-export.css"></link>
|
|
<link rel="stylesheet" type="text/css" href="http://sachachua.com/blog/wp-content/themes/sacha-v3/style.css"></link>
|
|
<script type="text/javascript">
|
|
/*
|
|
@licstart The following is the entire license notice for the
|
|
JavaScript code in this tag.
|
|
|
|
Copyright (C) 2012-2013 Free Software Foundation, Inc.
|
|
|
|
The JavaScript code in this tag is free software: you can
|
|
redistribute it and/or modify it under the terms of the GNU
|
|
General Public License (GNU GPL) as published by the Free Software
|
|
Foundation, either version 3 of the License, or (at your option)
|
|
any later version. The code is distributed WITHOUT ANY WARRANTY;
|
|
without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
|
|
|
|
As additional permission under GNU GPL version 3 section 7, you
|
|
may distribute non-source (e.g., minimized or compacted) forms of
|
|
that code without the copy of the GNU GPL normally required by
|
|
section 4, provided you include this license notice and a URL
|
|
through which recipients can access the Corresponding Source.
|
|
|
|
|
|
@licend The above is the entire license notice
|
|
for the JavaScript code in this tag.
|
|
*/
|
|
<!--/*--><![CDATA[/*><!--*/
|
|
function CodeHighlightOn(elem, id)
|
|
{
|
|
var target = document.getElementById(id);
|
|
if(null != target) {
|
|
elem.cacheClassElem = elem.className;
|
|
elem.cacheClassTarget = target.className;
|
|
target.className = "code-highlighted";
|
|
elem.className = "code-highlighted";
|
|
}
|
|
}
|
|
function CodeHighlightOff(elem, id)
|
|
{
|
|
var target = document.getElementById(id);
|
|
if(elem.cacheClassElem)
|
|
elem.className = elem.cacheClassElem;
|
|
if(elem.cacheClassTarget)
|
|
target.className = elem.cacheClassTarget;
|
|
}
|
|
/*]]>*///-->
|
|
</script>
|
|
</head>
|
|
<body>
|
|
<div id="preamble" class="status">
|
|
<a name="top" id="top"></a>
|
|
</div>
|
|
<div id="content">
|
|
<div class="center">
|
|
|
|
<div class="figure">
|
|
<p><img src="./images/logo.png" alt="logo.png" />
|
|
</p>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="center">
|
|
<table border="-1" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
|
|
|
|
|
|
<colgroup>
|
|
<col class="org-left" />
|
|
</colgroup>
|
|
<tbody>
|
|
<tr>
|
|
<td class="org-left"><a href="index.html">Home</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td class="org-left"><a href="#orgheadline1">Backup to USB</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td class="org-left"><a href="#orgheadline2">Restore from USB</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td class="org-left"><a href="#orgheadline3">Distributed backups</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td class="org-left"><a href="#orgheadline4">Restore from a friend</a></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div id="outline-container-orgheadline1" class="outline-2">
|
|
<h2 id="orgheadline1">Backup to USB</h2>
|
|
<div class="outline-text-2" id="text-orgheadline1">
|
|
<p>
|
|
First and foremost - <b>encrypt your USB drives</b>! Even if you think you have "<i>nothing to hide</i>" if you accidentally lose a USB thumb drive (it's easy to lose small objects) and it's not encrypted then potentially someone might be able to obtain enough information about you to commit identity fraud, take out loans, open bank accounts, etc. Use LUKS encryption. In Ubuntu you can do this using the <i>Disk Utility</i> application. Some instructions <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be found here</a>.
|
|
</p>
|
|
|
|
<p>
|
|
Insert a USB thumb drive into the front socket of the Beaglebone Black.
|
|
</p>
|
|
|
|
<p>
|
|
Log into the system and become the root user, then run the <i>backup</i> command.
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">ssh username@domainname -p 2222
|
|
su
|
|
backup
|
|
</pre>
|
|
</div>
|
|
|
|
<p>
|
|
Type in the password for the USB drive, then if this is the first time that you've made a backup then you will be prompted for your GPG key passphrase.
|
|
</p>
|
|
|
|
<p>
|
|
When the backup ends remove the USB drive and keep it somewhere safe. Even if it gets lost or falls into the wrong hands the content is encrypted and so is unlikely to become a source of leaks.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
<div id="outline-container-orgheadline2" class="outline-2">
|
|
<h2 id="orgheadline2">Restore from USB</h2>
|
|
<div class="outline-text-2" id="text-orgheadline2">
|
|
<p>
|
|
Insert the USB thumb drive containing your backup into the front socket of the Beaglebone Black.
|
|
</p>
|
|
|
|
<p>
|
|
Log into the system and become the root user, then run the <i>restore</i> command.
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">ssh username@domainname -p 2222
|
|
su
|
|
restore
|
|
</pre>
|
|
</div>
|
|
|
|
<p>
|
|
Enter the password for the USB drive, then you will be prompted to enter your GPG key passphrase. When the restore is complete you can remove the USB drive.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
<div id="outline-container-orgheadline3" class="outline-2">
|
|
<h2 id="orgheadline3">Distributed backups</h2>
|
|
<div class="outline-text-2" id="text-orgheadline3">
|
|
<p>
|
|
Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.
|
|
</p>
|
|
|
|
<p>
|
|
Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the <b>adduser <username></b> command when logged in as root and then give you the username and password via a secure method, such as on paper or via an encrypted email or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will fail. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">ssh username@domainname -p 2222
|
|
freedombone-remote
|
|
</pre>
|
|
</div>
|
|
|
|
<p>
|
|
You can then enter the usernames, domains and ssh logins for one or more remote servers. The system will try to backup to these remote locations once per day.
|
|
</p>
|
|
|
|
<p>
|
|
Very important is to take a copy of the contents of <b>backup.key</b>.
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">su
|
|
cat /etc/ssl/private/backup.key
|
|
</pre>
|
|
</div>
|
|
|
|
<p>
|
|
If the backup key doesn't yet exist then you can manually create it with:
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">freedombone-addcert -h backup
|
|
</pre>
|
|
</div>
|
|
|
|
<p>
|
|
Store it within a password manager on a USB drive which you carry with you. In the worst case scenario you'll be able to restore your system on completely new hardware if you have this key, so long as at least one of your friends servers is accessable via ssh.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
<div id="outline-container-orgheadline4" class="outline-2">
|
|
<h2 id="orgheadline4">Restore from a friend</h2>
|
|
<div class="outline-text-2" id="text-orgheadline4">
|
|
</div><div id="outline-container-orgheadline5" class="outline-3">
|
|
<h3 id="orgheadline5">With a completely new Freedombone installation</h3>
|
|
<div class="outline-text-3" id="text-orgheadline5">
|
|
<p>
|
|
This is the ultimate disaster recovery scenario in which you are beginning completely from scratch with new hardware and a new Freedombone installation (configured with the same username and domain names). It is assumed that the old hardware was destroyed, but that you have the backup key stored within a password manager on a USB thumb drive.
|
|
</p>
|
|
|
|
<p>
|
|
First log in and if you don't already have one then create a new friends list:
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">ssh username@domainname -p 2222
|
|
freedombone-remote
|
|
</pre>
|
|
</div>
|
|
|
|
<p>
|
|
Configure the remote server login details.
|
|
</p>
|
|
|
|
<p>
|
|
Now log in as root and restore the backup key which you have in your password manager.
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">su
|
|
editor /etc/ssl/private/backup.key
|
|
</pre>
|
|
</div>
|
|
|
|
<p>
|
|
Paste in the backup key, then save and exit.
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">chmod 600 /etc/ssl/private/backup.key
|
|
</pre>
|
|
</div>
|
|
|
|
<p>
|
|
Then use the command:
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">restorefromfriend <friends server domain name>
|
|
</pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div id="outline-container-orgheadline6" class="outline-3">
|
|
<h3 id="orgheadline6">On an existing Freedombone installation</h3>
|
|
<div class="outline-text-3" id="text-orgheadline6">
|
|
<p>
|
|
This is for more common situations in which maybe some data became corrupted and you want to restore it.
|
|
</p>
|
|
|
|
<p>
|
|
Log in as root:
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">ssh username@domainname -p 2222
|
|
su
|
|
</pre>
|
|
</div>
|
|
|
|
<p>
|
|
Then use the command:
|
|
</p>
|
|
|
|
<div class="org-src-container">
|
|
|
|
<pre class="src src-bash">restorefromfriend <friends server domain name>
|
|
</pre>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div id="postamble" class="status">
|
|
|
|
<style type="text/css">
|
|
.back-to-top {
|
|
position: fixed;
|
|
bottom: 2em;
|
|
right: 0px;
|
|
text-decoration: none;
|
|
color: #000000;
|
|
background-color: rgba(235, 235, 235, 0.80);
|
|
font-size: 12px;
|
|
padding: 1em;
|
|
display: none;
|
|
}
|
|
|
|
.back-to-top:hover {
|
|
background-color: rgba(135, 135, 135, 0.50);
|
|
}
|
|
</style>
|
|
|
|
<div class="back-to-top">
|
|
<a href="#top">Back to top</a> | <a href="mailto:bob@robotics.uk.to">E-mail me</a>
|
|
</div>
|
|
|
|
<script type="text/javascript">
|
|
var offset = 220;
|
|
var duration = 500;
|
|
jQuery(window).scroll(function() {
|
|
if (jQuery(this).scrollTop() > offset) {
|
|
jQuery('.back-to-top').fadeIn(duration);
|
|
} else {
|
|
jQuery('.back-to-top').fadeOut(duration);
|
|
}
|
|
});
|
|
</script>
|
|
</div>
|
|
</body>
|
|
</html>
|