freedombonee/doc/backups.org

4.5 KiB

/free/freedombonee/src/commit/2154e30aaa44feb91fb8c5ac215d9abaeb13d693/doc/images/logo.png

Backup to USB

Insert a USB thumb drive into the front socket of the Beaglebone Black.

Log into the system and become the root user, then run the backup command.

su username@domainname -p 2222
su
backup

If this is the first time that you've made a backup then you will be prompted for your GPG key password.

When the backup ends remove the USB drive and keep it somewhere safe. Even if it gets lost or falls into the wrong hands the content is encrypted and so is unlikely to become a source of leaks.

Restore from USB

Insert the USB thumb drive containing your backup into the front socket of the Beaglebone Black.

Log into the system and become the root user, then run the restore command.

su username@domainname -p 2222
su
restore

You will be prompted to enter your GPG key password, then when the restore is complete you can remove the USB drive.

Distributed backups

Distributed backups are a better way of ensuring the persistence of your data, such that even if your system gets stolen or destroyed then the data will still be recoverable from your friends. Since the backups are encrypted your friends (or anyone else with access to their systems) won't be able to read your backed up content even if their systems are subsequently compromised.

Firstly you will need to have a user account on one or more of your friends servers. They don't necessarily need to be using Freedombone, just some version of GNU/Linux with ssh access. They can create a user account for you with the adduser <username> command when logged in as root and then give you the username and password via a secure method, such as on paper or via an encrypted email or via an XMPP chat using OTR. Make sure that the password used is a strong one - preferably a long random string stored in a password manager - so that dictionary attacks will fail. Also for maximum resilience put your password manager file onto a USB thumb drive and carry it with you.

To add friends servers create a file called backup.list in the following way.

ssh username@domainname -p 2222
emacs ~/backup.list

Add entries like this. The numbers are the ssh port number to log in on.

username1@frienddomain1:2222//home/username1 ssh_password1
username2@frienddomain2:2222//home/username2 ssh_password2
...

Save and exit with CTRL-x CTRL-s then CTRL-x CTRL-c, then type exit.

The system will try to backup to these remote locations once per day.

Restore from a friend

With a completely new Freedombone installation

This is the ultimate disaster recovery scenario in which you are beginning completely from scratch with new hardware and a new Freedombone installation. It is assumed that the old hardware was destroyed, but that you have the passwords stored within a password manager on a USB thumb drive.

First log in and create a new friends list:

ssh username@domainname -p 2222
emacs ~/backup.list

Add entries like this. The numbers are the ssh port number to log in on.

username1@frienddomain1:2222//home/username1 ssh_password1
username2@frienddomain2:2222//home/username2 ssh_password2
...

Save and exit with CTRL-x CTRL-s then CTRL-x CTRL-c.

Now log in as root and edit the restore script.

su
emacs /usr/bin/restorefromfriend

Recover your backup password from your password manager and set the PASSPHRASE variable accordingly.

Save and exit with CTRL-x CTRL-s and CTRL-x CTRL-c.

Then use the command:

restorefromfriend <friends server domain name>

On an existing Freedombone installation

This is for more common situations in which maybe some data became corrupted and you want to restore it.

Log in as root:

ssh username@domainname -p 2222
su

Then use the command:

restorefromfriend <friends server domain name>