Secure File Storage Over Non-Trusted FTP?

kdawson posted more than 5 years ago | from the beeping-sounds-while-backing-up dept.

Software 384

hmckee writes "Does any software exist that enables me to store/backup/sync files from my local computer to a non-trusted FTP site? To accomplish this, I'm using a script to check timestamps, encrypt and sign the files individually, then copy each file to an offsite FTP directory. I've looked over many different tools (Duplicity, Amanda, Bacula, WinSCP, FileZilla) but none of them seem to do exactly what I want: (1) multi-platform (Windows and Linux), stand-alone client (can be run from a portable drive). (2) Secure backup (encrypted and signed) to non-trusted FTP site. (3) Sync individual files without saving to a giant tar file. (4) Securely store timestamps and file names on the FTP server. Any help or info on alternative solutions appreciated."

384 comments

I knew a guy who always had headaches (4, Insightful)

BadAnalogyGuy (945258) | more than 5 years ago | (#24641803)

This guy was always complaining about headaches. He would constantly be pounding his head into his fist and whimper to me that he felt like his head would split open. He took pain killers all the time, and for a long duration was addicted to a certain prescription pain medication. But none of that helped because as soon as the medication started to wear off, the pain would come right back again.

Finally, I had had enough of his complaining. I told him to stop pounding his head with his fist. Whaddayano! His headaches went away in a day.

Moral of the story: Don't try to find workarounds for your problem. Fix the problem.

Re:I knew a guy who always had headaches (1)

ettlz (639203) | more than 5 years ago | (#24641991)

A slightly less acerbic answer is "Get Python, and code it yourself, schmuck!"

Re:I knew a guy who always had headaches (1)

hmckee (10407) | more than 5 years ago | (#24642241)

Hey, I'm already doing that! The problem there is putting a Python installation on my portable drive.

Anyway, the parent is absolutely correct about my problem IF I cared that much about my data. I could pay an extra $10 a month for SFTP/SSH service on my hosting account or use Amazon S3, but, really my data just isn't worth that much because it is personal files I already store in two other places.

To me, the problem seems to be if someone has implemented a secure pseudo-filesystem over FTP. I tried looking for that but couldn't find anything.

Thanks for the laughs.

Re:I knew a guy who always had headaches (5, Funny)

GigaHurtsMyRobot (1143329) | more than 5 years ago | (#24642259)

If you don't really care about your data, why are you asking slashdot how to keep it safe? You already have the answer, it costs $10, now get off my lawn.

Re:I knew a guy who always had headaches (5, Funny)

mccabem (44513) | more than 5 years ago | (#24642343)

#10,407's got you by 1,132,922 membership points, #1,143,329.
#10,407 and #44,513 both want you off HIS lawn right now.

Sincerely,
Membership Police

Re:I knew a guy who always had headaches (4, Informative)

ettlz (639203) | more than 5 years ago | (#24642295)

Hey, I'm already doing that! The problem there is putting a Python installation on my portable drive.

What about Portable Python [portablepython.com] ?

To me, the problem seems to be if someone has implemented a secure pseudo-filesystem over FTP. I tried looking for that but couldn't find anything.

If I understand your problem, you want the remote image encrypted, right? In which case SFTP/FTPS is redundant overhead (and whatever data is sent is stored in its plaintext). This is something that might be possible with FUSE (e.g., use the Python-FUSE bindings to construct an FTP client that passes stuff through GnuPG first).

Thanks for the laughs.

Heh, you'd be surprised how many people around here lack a sense of humour.

Re:I knew a guy who always had headaches (1)

ettlz (639203) | more than 5 years ago | (#24642493)

In which case SFTP/FTPS is redundant overhead

I take that back, it secures the auth bit.

Re:I knew a guy who always had headaches (4, Insightful)

stephanruby (542433) | more than 5 years ago | (#24642301)

Yeah, I don't get this guy. First, he says he wants it for his home computer. Then, he says it has to be multi-platform (Windows and Linux) plus stand-alone that can be run from a portable drive.

And I say why? Let's assume for a moment that this guy has two computers at home, one that runs Linux and one that runs Windows. He doesn't need an app that does everything perfectly on both platforms. He just needs an app that does it perfectly on one, and either one is fine really. If he prefers to use his Linux box to coordinate the secure backup to an untrusted FTP site, then he just needs to have his Windows machine send the data unencrypted over to his Linux box -- then his Linux box can just do the bulk of the job. Or if he prefers to do it the other way around and use his Windows machine to do the secure backup to the untrusted site, he can just use that and have his Linux box send the data unencrypted to his windows machine.

And of course, why does it even need to go onto FTP instead of SFTP? Instead of wasting valuable man-hours reinventing SFTP from scratch, or finding someone else that has, he could just pay a few dollars to a provider who will give him SFTP. And if his current Provider won't do that, get another additional provider that will do it. If backing up is really as important as he seems to make it, then spending a few extra dollars each month shouldn't be a problem.

Re:I knew a guy who always had headaches (3, Informative)

hmckee (10407) | more than 5 years ago | (#24642373)

I should have stated that the data wasn't THAT important since it's already backed up in two other places.

I was initially using Amazon S3 to do the backups, but since I had 20 GB of spare storage on my hosting site, I figured someone else must have tried doing the exact same thing because it's the cheapest solution. It didn't take me long to write a small script to encrypt files and send them to the FTP server, another reason I figured someone else may have done this. So, rather than extending the script, I thought I'd "Ask Slashdot" to see if anyone else had completed the exercise.

If it were REALLY important for me to have this storage, I'd go back to using S3 or spring an extra $10 a month to get my account upgraded to use SSH/SFTP.

As it stands now, I may just get a kick out of implementing the project for fun.

Re:I knew a guy who always had headaches (1)

stephanruby (542433) | more than 5 years ago | (#24642383)

Yeah, but you still haven't said why you need it to be multi-platform.

Re:I knew a guy who always had headaches (3, Informative)

hmckee (10407) | more than 5 years ago | (#24642459)

You are correct, the access from Windows is really of secondary concern. Still, it would be nice to access the data from work or the wife's computer.

I should have also added that I asked the question to see how much flaming and ridicule I could draw by asking about such a cheap-ass, overly complex solution that is simply solved by SSH/SFTP. :)

A slight oxymoron here. (-1)

josefcub (212738) | more than 5 years ago | (#24641809)

"secure" and "untrusted" don't go hand in hand. If you want security, don't put things in untrusted spaces. Period.

Re:A slight oxymoron here. (5, Insightful)

Whiney Mac Fanboy (963289) | more than 5 years ago | (#24641843)

"secure" and "untrusted" don't go hand in hand. If you want security, don't put things in untrusted spaces. Period.

Are you sure about that? I consider my SSH connections secure even tho' they traverse untrusted links. Same goes for my encrypted mails, https connections to my bank, etc.

Anyway, to the submitter - is areca [sourceforge.net] close to what you want?

Re:A slight oxymoron here. (1)

hmckee (10407) | more than 5 years ago | (#24642019)

Areca might work, I'll have to give it a spin. Thanks.

Re:A slight oxymoron here. (1)

Whiney Mac Fanboy (963289) | more than 5 years ago | (#24642053)

Areca might work, I'll have to give it a spin. Thanks.

No problem. Note that my post is not an endorsement of Areca, I just searched freshmeat for ftp encryption [freshmeat.net] and perused a few of the matches. Have a read through the other results, you might find something else worth looking at.

Not sure what sort of budget/skillset you're working with, but it'd also be pretty trivial to script up a solution that does what you're after too.

Re:A slight oxymoron here. (0)

Anonymous Coward | more than 5 years ago | (#24642045)

Mod up. It's one of those issues that people who don't think very hard about a problem before making a judgment will get wrong 90% of the time. These are not the type of people to take security advice from. Listen to the parent, his wisdom shines through.

Re:A slight oxymoron here. (1)

sumdumass (711423) | more than 5 years ago | (#24642195)

I'm not sure if SSH or HTTPS is a proper connection comparison. SSH attempts to secure the untrusted lines or roads the information is taking when the two endpoints are secure. It doesn't secure the endpoint. Same with HTTPS. From what I gather from the question asked, it seems like he wants to use HTTPS to access a regular HTTP site for some reason.

I'm not really sure why someone would be concerned about securing a link between two points when I can defeat that security at least at one of the endpoints. It would be an illusion to think you would be using any security at that point unless you want to avoid someone sniffing your connection to find what you're sending. But the problem with that is that they will still know where you're going and they can simply view it once you put it there. If they are quick enough, they can see what was there and what is there after your transfer and figure out what you sent. Password protection on the FTP site isn't enough to stop someone from viewing it. All they have to do is compromise a user with higher access levels which could see all your directories, and with regular FTP, your user name and password aren't encrypted. You would need at least SFTP or some HTTPS equivalent at least on the server side. Of course encrypting the file beforehand is an option, but then you lose the ability to browse the files without a special viewer that can read the encrypted files or decrypting them first. Something like SFTP or STUNNEL or even SCP might work well with a script or even a program that can use it, but I guess there are some server side requirements that might not be able to be addressed.

Re:A slight oxymoron here. (4, Insightful)

Anonymous Coward | more than 5 years ago | (#24641939)

"secure" and "untrusted" don't go hand in hand. If you want security, don't put things in untrusted spaces. Period.

I disagree. Everywhere you can store your files should be considered "untrusted". And "securing" the files is what we do to mitigate that reality.

Re:A slight oxymoron here. (5, Insightful)

Sparohok (318277) | more than 5 years ago | (#24642001)

If you want security, don't put things in untrusted spaces. Period.

Completely, utterly incorrect. It's a sad comment on the ambient understanding of data security that this got modded insightful.

Trust is seldom a good approach to security. Good security is when you can trust nobody and still sleep at night. That means strong encryption. That is exactly the approach implied by the article and it is exactly the right thing to do.

I think it is very unwise to ever assume any level of trust in the storage of backups, certainly offsite backups. The whole idea of backups is that you keep them around for a long time, in several copies and several locations. The more valuable your data, paradoxically, the more copies you need and the more widely dispersed they should be. This is antithetical to maintaining trust. The right way, indeed the only way out of this paradox is strong encryption.

Re:A slight oxymoron here. (1)

xalorous (883991) | more than 5 years ago | (#24642115)

Untrusted storage site means others can access the files.

Access means they can decrypt them. Given enough cycles, encryption can be broken.

If you want your encrypted files to be secure, keep your keys protected and do not allow access to the files.

IMO, preventing access to the files is priority, encryption is only there in case preventing access fails.

It boils down to acceptable risk.

Really is a pity (4, Informative)

pembo13 (770295) | more than 5 years ago | (#24641817)

I have explicitly asked my web host provider for either SFTP or FTPS. They basically said that it wasn't possible to provide that on a shared host. This seems untrue to me, I just can't state it as a fact since I haven't attempted it myself. But to get what the OP wants, one would essentially need a secure file system implementation on top of FTP. I.e., only the client can see the unencrypted file, not the in-between transport over FTP, or the server side disk drive.

Re:Really is a pity (5, Informative)

ThePromenader (878501) | more than 5 years ago | (#24641883)

I'd translate "wasn't possible" to "couldn't be bothered". Once SSH is installed (and it is there by default in most *nix distros), you have but one 'user' file to configure (to 'jail' you within a certain hierarchy). Ta-da! Change your host and use SFTP.

Re:Really is a pity (1, Interesting)

Anonymous Coward | more than 5 years ago | (#24641893)

Your webhost probably uses virtual accounts in the ftp server, or in some sort of db backend, that ssh can't talk to out of the box (ie not a real account). Plus, they don't want the overhead I guess, or the extra work for the 2 customers out of every 2000 who want it.

Re:Really is a pity (4, Informative)

EdIII (1114411) | more than 5 years ago | (#24642089)

It is ENTIRELY possible to provide that on any host, regardless of the number of users. All you are asking (correct me if I am wrong) is that the connection between you and the FTP server is secured through SSH or TLS.

That is trivial. Sounds like they cannot be bothered to enact rudimentary security. As a policy in my own systems, and any systems that I pay to use, I demand that any connections that go over untrusted networks be encrypted. There are so many products that help you do this it just makes their refusal all the more ridiculous. I have a product that does not support encrypted connections and I just stunnel to protect it.

Anything less is just reckless. Tell them to protect your connection or you will get another provider. Simple as that.

Re:Really is a pity (0)

Anonymous Coward | more than 5 years ago | (#24642193)

Why would you need sftp? If you encrypt the data before sending, it's safe in transfer and in storage on a (public?) ftp server.

Re:Really is a pity (0)

Anonymous Coward | more than 5 years ago | (#24642331)

wow pembo13, I'm really surprised you don't know that. You generally seem to be pretty on top of things. But it does make me feel better about you marking me as a foe. Out of all of the people that have marked me as such, yours is the most confusing. But I guess if you don't know much about SFTP, I'm just going to assume that it was your mistake. Or maybe you just think I'm a jerk, you jerk.

hearts and kisses

Your foe.

PS Don't drink the coffee tomorrow.

Re:Really is a pity (1)

Rufus211 (221883) | more than 5 years ago | (#24642391)

They might be telling the truth, depending on how they share the hosts and how they have logins set up.

HTTPS is not possible with virtual hosts (where foo.com and bar.com are both running on 1.2.3.4). The reason being is that the HTTP server doesn't know if you're talking to foo.com or bar.com until after the connection has started, but it needs to send out one of their certificates in order to get the connection started.

I'd guess FTPS has the same issue, as the FTP server won't know what to respond as. SFTP/SSH do not have this issue since there are no 3rd party certificates that identify the server.

So basically if they let you SSH into the box, you can do SFTP and it'll just work. If they don't let you SFTP into the box and you're on a shared host with a shared IP address, they can't set it up to login directly to your account. They could set up ftps://ftp.myhost.com/foo.com or something, but that's a completely different infrastructure they might not have.

Vote with your feet: Get a new host (0)

Anonymous Coward | more than 5 years ago | (#24642413)

This seems untrue to me

It is untrue. But just because something is possible technically doesn't mean that every host will do it. If secure file transfers are important to you, find a new host.

Errr (1, Troll)

EEPROMS (889169) | more than 5 years ago | (#24641819)

Am I the only one thinking this is like someone saying they want privacy then running around butt naked then wondering how they can keep their privacy at the same time.

Re:Errr (3, Informative)

BadAnalogyGuy (945258) | more than 5 years ago | (#24641833)

No, it's more like someone running around naked outside holding a frosted pane of glass in front of them wondering if maybe they should also build a tool to hold a second pane of frosted glass behind them.

Re: Errr (4, Funny)

Whiney Mac Fanboy (963289) | more than 5 years ago | (#24641873)

Am I the only one thinking this is like someone saying they want privacy then running around butt naked then wondering how they can keep their privacy at the same time.

And the answer of course is security through obscuring. Wear a mask ;-)

(I guess you're not completely naked, but hey, close enough)

Re: Errr (4, Funny)

houghi (78078) | more than 5 years ago | (#24642253)

A rabbi and a minister went swimming naked at a lake when some children came. Both ran out of the water to their clothes.

The minister covered his 'private parts' while the rabbi covered his face. When the minister asked why the rabbi did not cover his genitals for the children, the rabbi said : "Hey they recognize me by the face."

Re:Errr (1)

twatter (867120) | more than 5 years ago | (#24641879)

Because of FTP? Maybe, but if the guy is moving encrypted tar files over FTP, then he's still secure.

Even if his userid/passwd are compromised, his data wouldn't.

Well, assuming he's using AES or something like that.

Re:Errr (5, Insightful)

Anonymous Coward | more than 5 years ago | (#24642075)

Even if his userid/passwd are compromised, his data wouldn't.

So if someone used his userid/passwd to delete his archive or overwrite it, his data wouldn't be compromised?

Or has the data no value, so the archive can be deleted/corrupted without loss? Then what is the use of archiving it at all?

Re:Errr (1)

hmckee (10407) | more than 5 years ago | (#24642257)

That was one scenario I hadn't thought of, but, since this is a copy of data I've already backed up in other places and check nightly, it's not a big deal if someone deletes it. Plus, it's not THAT valuable.

That would be a pain if someone was deleting it every night. :)
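The deletion and overwrite scenario raised above, together with the submitter's requirement to keep file names and timestamps off the server, sketched as an added example (not code from any poster in this thread). It assumes each file was already encrypted and signed with a tool such as GnuPG, so blobs are opaque ciphertext; the function names, the key and the sample data are hypothetical and constructed.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: in real use it lives beside the GnuPG
# private key on the portable drive, never on the FTP server.
NAME_KEY = b"constructed-demo-key-not-for-real-use"


def remote_name(key, relpath):
    """Opaque server-side name: the server learns no path or extension."""
    return hmac.new(key, relpath.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def make_entry(key, relpath, mtime, ciphertext):
    """Record what was uploaded so later tampering is detectable."""
    return {
        "remote": remote_name(key, relpath),
        "mtime": mtime,
        "sha256": hashlib.sha256(ciphertext).hexdigest(),
    }


def seal(key, manifest):
    """Serialize the manifest canonically and append an HMAC tag.

    The sealed bytes still contain real names; encrypt them like any other
    file before uploading, or keep them on the local drive only.
    """
    body = json.dumps(manifest, sort_keys=True).encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    return body + b"\n" + tag


def unseal(key, sealed):
    """Return the manifest, or raise ValueError if it was altered."""
    body, _, tag = sealed.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    if not hmac.compare_digest(tag, expected):
        raise ValueError("manifest authentication failed")
    return json.loads(body)


def plan_upload(manifest, local_mtimes):
    """Paths that are new or whose mtime differs from the last upload."""
    return sorted(p for p, m in local_mtimes.items()
                  if p not in manifest or manifest[p]["mtime"] != m)


def audit(manifest, remote_blobs):
    """Compare server contents (remote name -> bytes) with the manifest."""
    report = {"missing": [], "modified": [], "unexpected": []}
    known = set()
    for path in sorted(manifest):
        entry = manifest[path]
        known.add(entry["remote"])
        blob = remote_blobs.get(entry["remote"])
        if blob is None:
            report["missing"].append(path)       # deleted on the server
        elif hashlib.sha256(blob).hexdigest() != entry["sha256"]:
            report["modified"].append(path)      # overwritten or rolled back
    report["unexpected"] = sorted(n for n in remote_blobs if n not in known)
    return report


def demo():
    """Constructed scenario: one blob intact, one overwritten, one deleted."""
    files = {  # relpath -> (mtime, ciphertext from the encryption step)
        "docs/taxes.ods": (1218900000, b"constructed-ciphertext-A"),
        "photos/cat.jpg": (1218900100, b"constructed-ciphertext-B"),
        "notes.txt": (1218900200, b"constructed-ciphertext-C"),
    }
    manifest = {p: make_entry(NAME_KEY, p, m, ct) for p, (m, ct) in files.items()}
    server = {manifest[p]["remote"]: ct for p, (m, ct) in files.items()}
    server[manifest["photos/cat.jpg"]["remote"]] = b"overwritten"  # replaced
    del server[manifest["notes.txt"]["remote"]]                    # deleted
    server["dropped.bin"] = b"planted"                             # planted
    return audit(manifest, server)


if __name__ == "__main__":
    print(demo())
```

The audit has to download every blob to hash it, so it suits a periodic check rather than every sync run; the timestamp comparison in `plan_upload` needs only the local manifest.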

Re:Errr (1)

axlr8or (889713) | more than 5 years ago | (#24642351)

Of course the arguments could go on forever, but while most people whine about RIAA and the government tapping lines and such, it might be thoughtful to remember that making a connection with another computer and having someone look at its content is invasive, and therefore none of your business. I think it would be more accurate to say, someone wanting privacy running around clothed and having someone rip their clothes off. Now that sounds better. And to make it return to the context of this thread: running around clothed but on a street full of bloodthirsty rapists. Now, that sounds more like the real internet.

Re:Errr (1)

hmckee (10407) | more than 5 years ago | (#24642469)

Thanks for the suggestion, but my wife will be upset if I start running around the front yard naked. I'll try to come up with something else.

What is the problem? (1)

Daehenoc (233724) | more than 5 years ago | (#24641829)

What are you trying to achieve? It sounds like there is a problem there that you are trying to solve, but I'm sure there could be a better approach than sending encrypted files to an insecure FTP site.

Rather than whupping an old horse... (1)

ThePromenader (878501) | more than 5 years ago | (#24641837)

First off, everything you send over the web using the FTP protocol is non-encrypted - even your password. Secondly, to achieve your goal, you would need the modern-day technological equivalent of a '60s-era 'scrambler' telephone device - a coder on your end, and a decoder on the other (in this case, one on the server). I'm not so sure many hosts allow their clients to install programs on their servers (chuckle).

All you desire exists in a protocol that uses one additional letter - sftp. Its existence is partly due to the weaknesses of FTP, so I wouldn't worry yourself over trying to make an older outmoded technology 'work'. If your host won't take the SFTP (SSH) protocol, I suggest you find another.

Re:Rather than whupping an old horse... (1)

z0idberg (888892) | more than 5 years ago | (#24641901)

Secondly, to achieve your goal, you would need the modern-day technological equivalent of a '60s-era 'scrambler' telephone device - a coder on your end, and a decoder on the other (in this case, one on the server). I'm not so sure many hosts allow their clients to install programs on their servers (chuckle).

Are you reading the problem being he wants to encrypt -> ftp -> decrypt on the ftp host?
Seems to me like he just wants to encrypt -> ftp the encrypted files onto the ftp host. No decryption required at that end, so no programs to be installed on the ftp host.
The only place requiring decryption would be after pulling the files back off again.

Re:Rather than whupping an old horse... (1)

sumdumass (711423) | more than 5 years ago | (#24642239)

FTP sends your user name and password unencrypted, so encrypt->FTP the encrypted files->store on host encrypted wouldn't be secure if I was able to sniff your connection on either side. Unless that is if you don't mind me grabbing your files and attempting to break the encryption or just deleting them for you or maybe even infecting them with some sort of trojan or worm so you're compromised as soon as you restore the files or open them to browse through them.

FTP on a non trusted site isn't a workable scenario if security is in your mind.

kdawson should have unscrambled this one (0)

Anonymous Coward | more than 5 years ago | (#24641855)

I might be wrong but I think he is asking for a way to backup files to an ftp server storing them in an encrypted format. So although it's on an ftp server and not really secure, the files would have to be decrypted to be of much value.

Rsyn might work? (1)

php_krisp (858209) | more than 5 years ago | (#24641857)

If you're looking for a backup solution - using rsync might work for you? I think this can send files across FTP. Also - it backs up incrementally - so you should find that your bandwidth isn't screwed in the process. As for being portable, it might take a bit of work, but we've got it running on a windows box through cygwin. http://en.wikipedia.org/wiki/Rsync [wikipedia.org]

Re:Rsyn might work? (0, Troll)

php_krisp (858209) | more than 5 years ago | (#24641867)

Spelt Rsync wrong - what an idiot... (thought I might as well say it so that others didn't)

Working On Something Similar (3, Interesting)

RAMMS+EIN (578166) | more than 5 years ago | (#24641859)

I'm working on a backup solution that allows people to back up their data to a remote server securely and efficiently. For "efficiently", think rsync: only the differences are sent (and some information necessary to identify what the differences are). For "securely", think asymmetric cryptography: your backup is stored in encrypted form, so that only someone who possesses your private key can use it.

All this is currently in very early stages of design. I'd welcome any suggestions for protocols or software I could use. Currently, I am thinking to implement a transactional network block device protocol, and implement the backup protocol on top of that. I still need to decide on a programming language I can use for parts I need to write myself, too (something safe (no buffer overflows, please), yet with byte level access...and no Java or .NET, please).

By the way, this is going to be a commercial product, but the code and the protocols will be open. I'll charge for the storage and bandwidth. :-D

Re:Working On Something Similar (0)

Anonymous Coward | more than 5 years ago | (#24641981)

Why not just extend rsync ?

Will save you tons of programming and it has a large userbase (which means the regular-rsync userbase has tested the shit out of it for you already)

Re:Working On Something Similar (2, Informative)

sumdumass (711423) | more than 5 years ago | (#24642287)

GPL3 might be why. He would have to open what he does on his servers to make it work with the GPLv3. That might not be an option for this type of webservice.

If it was GPLv2, it might be a little better of an option except that Rsync wouldn't be able to do incremental backups unless it could decompress/decrypt all the files and then re-encrypt them without damage and when accessed. Storing information in a file index with mapping to the encrypted files would open the encryption to hacking and wouldn't be a good idea unless you could verify that something didn't change the stored file without updating it. So the server or host side has to be able to open the stored file, send something that says what we have already, then close it. And when you're dealing with 100 changes in an employee handbook or something, that can start to take a lot of time and CPUs.

Doesn't sound like it will work (1)

Chuck Chunder (21021) | more than 5 years ago | (#24642107)

If the backup is going to be stored in encrypted form then how is efficient "rsync-like" difference identification going to be possible?

A small change in a source file will likely change everything following it in the encrypted version.

Re:Doesn't sound like it will work (1)

RAMMS+EIN (578166) | more than 5 years ago | (#24642215)

``A small change in a source file will likely change everything following it in the encrypted version.''

Yes, of course. This is one of the main challenges. :-D

Re:Doesn't sound like it will work (0)

Anonymous Coward | more than 5 years ago | (#24642511)

``A small change in a source file will likely change everything following it in the encrypted version.''

Yes, of course. This is one of the main challenges. :-D

idiot

Re:Working On Something Similar (2, Interesting)

davidkv (302725) | more than 5 years ago | (#24642111)

Have you checked out rsyncrypto [lingnu.com] ?

Re:Working On Something Similar (1)

RAMMS+EIN (578166) | more than 5 years ago | (#24642199)

No, but I will. It looks like it could be very useful to me. Thanks for the pointer!

Re:Working On Something Similar (1)

davidkv (302725) | more than 5 years ago | (#24642265)

There's also esync [zexia.co.uk] , but as far as I know (I emailed the guy a few years ago) he got swamped with other stuff and never got any further.

There's quite a bit of theory on his pages though. Might be of interest.

Re:Working On Something Similar (1)

sumdumass (711423) | more than 5 years ago | (#24642363)

Here is a suggestion, make sure something forces the user/admin on the client side to back up their encryption keys and settings to either something local or a combination of local and remote that isn't on the same computers being backed up. And make sure this is verified every so often by either requiring a "file" stored on the local backup to make the program work or simply make it refuse to work again without making another updated key and setting backup.

Nothing pisses me off more than walking into a job doing a bare metal recovery and everyone has encrypted backups but all the keys are on the dead drive or the only copy of the now 7 year old install program is in the root of the same dead drive. Oh yea, we got 7 years of backups, here is the tapes, or we use this "off site" service and they are all useless until 2 weeks later when the $2500 in lab drive recovery is done. And no, I'm not affiliated with the recovery people at all.

Oh well, I guess I shouldn't pick on the boss's rocket scientist nephew who has made so many full blown decisions based on half the information that it has stopped being funny long ago.

Re:Working On Something Similar (1, Funny)

Anonymous Coward | more than 5 years ago | (#24642397)

So by "working on" you mean in the same sense I'm "working on" time travel, even though I haven't decided if I'm going to follow D&D, White Wolf or MTG-style sorcery to do it..

It will be better than all the other travel solutions, even though in order to use it, you must travel in time (and the time you travel is equal to the amount of time spent casting the spell)

Re:Working On Something Similar (0)

Anonymous Coward | more than 5 years ago | (#24642513)

Oh, like Ahsay Backup?

http://www.ahsay.com/en/home/index.html

I've been using it for years, it's platform independent and works very well. (Java).

Problematic (1)

twatter (867120) | more than 5 years ago | (#24641863)

The cross-platform for starters. Maybe? I don't think there's such an application.

Unison [upenn.edu] might fit the bill, but I'm not sure about the FTP part (it does work over ssh, I think).

The thumb drive req might be another problem, because I was about to suggest writing a Python or Perl script to do this (relatively easy). Most Linux distros have Python and Perl, but OS X and Windows I think you'd have to pre-install them. And Perl doesn't ship with an FTP client lib, I don't think.

Depends on OS (1, Troll)

jessedorland (1320611) | more than 5 years ago | (#24641875)

If a user is transferring the files over Windows XP then he better start worrying about security holes of an OS long before FTP issue.

TrueCrypt (4, Informative)

kcbanner (929309) | more than 5 years ago | (#24641909)

See http://www.truecrypt.org/ [truecrypt.org] for cross platform encryption...you can throw your files in there.

Re:TrueCrypt (1)

hmckee (10407) | more than 5 years ago | (#24642041)

I use TrueCrypt on my portable hard drive and tried using it for this application. The problem was that TrueCrypt couldn't create a file system on an FTP server.

I've been using TrueCrypt to encrypt individual files before sending them to the FTP server. I'll have to give it a look again since my version might be a little out of date.

Does it have to be ftp? (2, Informative)

pananza (1228694) | more than 5 years ago | (#24641911)

I use Amazon's S3 service and a great multi-platform UI called JungleDisk. S3 costs a little bit, but you get security (encryption), backup, reliability for a cheap price. Check out: http://www.amazon.com/s3 [amazon.com] and http://www.jungledisk.com/ [jungledisk.com]

Re:Does it have to be ftp? (1)

mbaciarello (800433) | more than 5 years ago | (#24642033)

I second the recommendation.

Backups are differential on a block level (blocks are a few MB, if I'm not mistaken). File identities and extended attributes are preserved. Upload resume and "on the fly" (i.e., without re-uploading) encryption key changes are supported for a premium (JD Plus service).

I'm not sure how secure the web access interface is, but I think you can disable it.

Re:Does it have to be ftp? (1)

hmckee (10407) | more than 5 years ago | (#24642071)

I was using Amazon S3 before realizing I was paying double when I had a spare 20 gigabytes on my FTP/HTTP hosting service. I could pay an extra $10 a month to get SFTP/SSH service but I guess I'm being cheap.

I'm also not storing anything so important that I need a technically superior solution.

hmm (0)

Anonymous Coward | more than 5 years ago | (#24641933)

i thought filezilla supported sftp out of the box. at least i've been able to use it so. for portable cross platform, u might want to put linux/windows static binaries on your pen-drive.

Re:hmm (1)

Arimus (198136) | more than 5 years ago | (#24642119)

It does.

The author though doesn't just want to encrypt the file in transit he wants to encrypt & digitally sign the file when it is stored on the ftp server.

duplicity + ftplicity (5, Interesting)

Horus107 (1316815) | more than 5 years ago | (#24641957)

duplicity combined with ftplicity:

"Anyone storing data on an unfamiliar FTP server needs to encrypt and sign it to ensure reliable protection against prying eyes and external manipulation. duplicity is just the tool for this, and the ftplicity script from c't magazine makes working with it child's play."

http://www.heise-online.co.uk/security/Backups-on-non-trusted-FTP-servers--/features/79882 [heise-online.co.uk]
http://duplicity.nongnu.org/ [nongnu.org]

Re:duplicity + ftplicity (1)

hmckee (10407) | more than 5 years ago | (#24642273)

Yes, I've looked at this, but I'm already using a Python script to do most of that. I was hoping to find something with a GUI and that was easier to put on a portable hard drive than Python.

Re:duplicity + ftplicity + Portable python (2, Insightful)

Noksagt (69097) | more than 5 years ago | (#24642443)

I was hoping to find something with a GUI

Then you should have put this as a requirement in your query. But I would ask WHY you want a gui? Backups should be set-and-forget! My USB sticks have multi-platform autorun scripts to execute my backup. I only need an interface if I choose to expand or shrink the backup set--I can edit a text file that has the list of what to exclude.

and that was easier to put on a portable hard drive than Python.

Python is pretty easy to put on a portable hard drive and there are multiple [portableapps.com] portable [portablepython.com] versions [voidspace.org.uk].

Re:duplicity + ftplicity + Portable python (1)

hmckee (10407) | more than 5 years ago | (#24642495)

Blame this on my not writing up a really thorough spec for the small summary. You can see some of my other posts for more info, but this was sort of a query to see if anyone had done something similar because it seems like a simple project that might be useful.

As to the GUI, I was thinking it would be nice if it could double as a backup tool and a remote file system tool, i.e., access the files from another computer.

Re:duplicity + ftplicity (1)

sumdumass (711423) | more than 5 years ago | (#24642419)

Anyone storing data on an unfamiliar FTP server better make sure that it isn't important or private. FTP doesn't encrypt anything, including the user name and password. Simply sniffing either end of the connection could allow anyone to delete the files, download them to be cracked on a 2 million node bot net contributing cycles, or even infect the files with something that would notify me when you access them and either send your keys to me or give me access to your system.

And I said me not because I would or even could do something like that, but because it fit better than them or whoever. I am not in any way capable of writing a virus outside of a hillbilly virus. You know, the sig lines that say forward this email to 20 people then type "format c:" in the run box and you will see a famous star naked with smiley faces resembling your children on your screen.

How do I hammer a nail into a wall? (0)

Plantain (1207762) | more than 5 years ago | (#24642005)

When hammering a nail into a wall, should I use a shoe, or a glass bottle?

Don't use FTP. Use something secure.

The problem with FTP (1)

RenHoek (101570) | more than 5 years ago | (#24642025)

Ok ftp supports reading chunks of data from files, i.e. byte range n-m.

However it doesn't support (I strongly suspect) _writing_ chunks. Sure you can say, 'REST n' and start writing but I think the file would be truncated.

This means encrypted images like Truecrypt containers are out, since you'd be writing the entire file over and over again.

So you'll have to stay with single files.

We should make this product (0)

Anonymous Coward | more than 5 years ago | (#24642069)

https://launchpad.net/ensure

Reverse encfs (1)

wardle (206858) | more than 5 years ago | (#24642073)

Try the FUSE filesystem, encfs

Use it in reverse, provides an encrypted view of your data.

Then send that data anywhere you like.

Re:Reverse encfs (1)

Zygfryd (856098) | more than 5 years ago | (#24642303)

More importantly, you can just mount encfs over curlftpfs and have a 100% transparent solution. The downside is portability.

Being written (1)

DeBaas (470886) | more than 5 years ago | (#24642117)

At the moment I'm having an intern write such a program in Bash as a proof of concept. We use GnuPG to encrypt.

How it works is:
- create a hash of each file in the dir to backup
- the hash is placed in a 'map file' with the original name and path
- if on the server side no file with that hash as a filename exists, the script encrypts the file, uses the hash as a filename and FTPs the file to the remote server.
- the map file is encrypted as well and gets the date as a filename and is sent to the remote server as well.

Pretty simple. The clue is that you have to trust the remote site only to provide the service. You do not have to trust them not to read your files. As a hoster you can safely say that you really cannot read their files as the encryption is done by the client.
By using the hash check, we make sure only changed files are sent. This method also gives us history. You can simply use the map file of a certain date to revert to a version of the file at that date.

It works, but is absolutely not ready to be released.
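The scheme described in the comment above, as an added Python example that is not part of the original comment or of the Bash program it mentions. Assumptions: `remote` is any dict-like stand-in for the FTP directory, `encrypt`/`decrypt` are caller-supplied (for instance a wrapper around GnuPG), and all function names are hypothetical. It also swaps the plain file hash for a keyed HMAC as the remote filename, so the storage host cannot hash a known file and check whether you hold it.

```python
import hashlib
import hmac
import json
import os
import time


def object_name(name_key: bytes, data: bytes) -> str:
    """Remote filename: keyed hash of the plaintext (assumption: name_key stays local)."""
    return hmac.new(name_key, data, hashlib.sha256).hexdigest()


def backup(root, remote, name_key, encrypt, now=None):
    """Back up every file under root; return (map_name, names_uploaded).

    remote  -- dict-like, name -> bytes (stand-in for the FTP directory)
    encrypt -- callable bytes -> bytes supplied by the caller (assumption)
    """
    file_map, uploaded = {}, []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for filename in sorted(filenames):
            path = os.path.join(dirpath, filename)
            with open(path, "rb") as fh:
                data = fh.read()
            name = object_name(name_key, data)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            file_map[rel] = name
            if name not in remote:  # unchanged or duplicate content is skipped
                remote[name] = encrypt(data)
                uploaded.append(name)
    # The map file holds the real paths, so it is encrypted as well and
    # stored under a date-based name, which keeps one map per backup run.
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    map_name = "map-" + stamp
    remote[map_name] = encrypt(json.dumps(file_map, sort_keys=True).encode())
    return map_name, uploaded


def restore_plan(remote, map_name, decrypt):
    """Decrypt a dated map; return {path: object_name} or fail if objects are gone."""
    file_map = json.loads(decrypt(remote[map_name]))
    missing = sorted(p for p, n in file_map.items() if n not in remote)
    if missing:
        raise FileNotFoundError("server no longer holds objects for: %s" % missing)
    return file_map
```

Because old objects are never overwritten, an earlier map still resolves to the earlier file versions, which is the history property the comment describes.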

Re:Being written (1)

hmckee (10407) | more than 5 years ago | (#24642507)

That's cool. This is the information I was hoping to get out of this question. I've also read some posts with some really helpful info on obstacles that would need to be overcome to use this application on other computers.

Super Flexible File Synchronizer (1)

wolssiloa (721045) | more than 5 years ago | (#24642149)

Try Super Flexible File Synchronizer http://www.superflexible.com/ [superflexible.com] I've been using it to backup and sync my files over SFTP and FTP to two different FTP sites. It can use zip file encryption on each individual file, and uses file name mangling to retain the date information in the file. All this is transparent to the user. It can run portably if you use Universal Extractor (a portable app) to extract the contents of the setup file, then after first run, in the Options, tell the program to use a single .ini file. This one tool does all that you need.

FTP? Forget it (0)

Anonymous Coward | more than 5 years ago | (#24642159)

FTP has no chance of being secured. It's also painful to support in firewall terms. If you need secure file management and your ISP provides only FTP, you need a new ISP.

WebDAV over HTTPS, however, is built right into Windows' "Network Neighborhood", Konqueror, lftp, and lots of multi-platform Java Apps. It's a core component of Subversion over HTTP or HTTPS, and most web servers support it quite easily. It's also often easier to get running than SSH with chroot cages or SFTP.

Untrusted (0)

Anonymous Coward | more than 5 years ago | (#24642185)

If you want untrusted, email me and you can FTP your files to my site.

vanilla ftp: your password will be in the clear. (3, Insightful)

zonky (1153039) | more than 5 years ago | (#24642227)

This may well mean that despite whatever you do, encrypt etc, someone can sniff the password and then simply come in and delete all your files. i.e, whatever other steps you take, this is inherently worthless.

Do they have SSH? (1)

Jane Q. Public (1010737) | more than 5 years ago | (#24642233)

If you can ssh to the site, you should be able to do sftp, which is basically ftp over ssh. That is about as secure as it gets without personalized encryption keys.

If you cannot ssh to the site, then you should find another host.

Manent fits the bill perfectly. (5, Informative)

gsasha (550394) | more than 5 years ago | (#24642247)

Well, its feature list is exactly what you want and some more :). Here's the project description:
Manent is an algorithmically strong backup and archival program. It features efficient backup to anything that looks like storage. Currently it supports plain filesystems ("directories"), FTP, and SFTP. Planned are Amazon S3, optical disks, and email (SMTP and IMAP). It can work (making progress towards finishing a backup) over a slow and unreliable network. It can offer online access to the contents of the backup. Backed up storage is completely encrypted. Backup is incremental, including changed parts of large files. Moved, renamed, and duplicate files will not require additional storage. Several computers can use the same storage for backup, automatically sharing data. Both very large and very small files are supported efficiently. Manent does not rely on timestamps of the remote system to detect changes.
Check it out: http://freshmeat.net/projects/manent [freshmeat.net] . It's under active development (the UI and the setup are currently in fetal stage) but the basic functionality is there and is well tested.
Disclaimer: I am the author.

Re:Manent fits the bill perfectly. (0)

Anonymous Coward | more than 5 years ago | (#24642357)

You sir, are brilliant. This is exactly what I've been looking for for some years now.

Just a question, I don't seem to be able to find the license. What license is it under?

Re:Manent fits the bill perfectly. (2, Informative)

gsasha (550394) | more than 5 years ago | (#24642427)

I'm aware of the issue. I plan to release it under dual GPL/something else license very soon.

Ftplicity is what u look 4 (0)

Anonymous Coward | more than 5 years ago | (#24642279)

get duplicity
funny nobody mentioned it yet...
t

http://duplicity.nongnu.org/

Look, I'm not so sure about security but (1)

axlr8or (889713) | more than 5 years ago | (#24642299)

Unless you're planning on accessing your data from one location only, I'd suggest you forget it. I've been to different locations around the country and found that some bigger hotel chains as well as some so called 'hot spots' will actually firewall FTP. It's not unreasonable to believe ISPs are doing the same thing. I cannot access my ftp services from where I work. So, I'd be thinking of some other setup.

The wonders of pipelines (1)

jandersen (462034) | more than 5 years ago | (#24642321)

If possible, keep it simple. This is what I do - it is from UNIX, I don't know if Windows can handle it, but probably through a proper UNIX subsystem:

(cd /source/directory;tar cf - *)|ssh user@target '(cd /target/directory;tar xvf -)'

The left side will copy the whole directory tree under /source/directory and put it out on stdout in tar format; the right side will route the stdout to the target machine, where it will be unpacked under the target directory. If you don't want to copy everything, there are ways of handling that too - read the man pages of tar and find.

Give up (1)

FooBarWidget (556006) | more than 5 years ago | (#24642349)

I've looked into this in the past. There is nothing better than Duplicity.

I eventually gave up and started backing up my data to servers that I do trust. You should too. You can rent a VPS for only $20 per month. It's just easier and you *know* that you're the only one who has root access (assuming that you keep updating your system, of course).

Multi platform might be the problem (1)

houghi (78078) | more than 5 years ago | (#24642361)

I can see a relatively easy solution for Linux and that is just scripting the whole thing. Almost any backup script should be able to do what you want and can get the files from Windows machines as well. That will be in CLI, which should not be an issue as backups should not run in GUI anyway, but automagically with cron.

It becomes different if you also want the restore to be in the same tool.
