I'm planning on implementing an ANONYMOUS remote backup server for some other server I have, and I'm asking you for some ideas.
What I'd usually do is create my /var/backup directory with rsync and make encrypted and signed backups with duplicity, which are then pushed to my backup location via ssh/scp.
I've been thinking about making a hidden service for the SSH, but that's no good. The problem is that it requires an SSH account on the backup location, which would enable someone who hacked the main server to also get user access to the backup server. And then all it takes would be to do an "ip addr" to get the IP of the backup server. Of course I could come up with a containerized solution, but that's work, and I'd still like something more dedicated for file uploads, because I don't see any reason to grant shell access just to push some files.
Then I thought that maybe I could use an FTP server like VSFTP. Normally FTP can't be torified because the server starts the data connection to the client, which is impossible if the client uses Tor. But there's also the possibility to let it run in "passive mode", which means that the client starts both connections. In theory this could be torified, but I haven't found any discussions regarding its security, and, as we all should know, torifying applications is not trivial.
Do you have any other ideas about how I could implement my data-upload hidden service, or otherwise store my encrypted backups anonymously? Is FTP really the best solution for implementing some automated file uploads?
>I've been thinking about making a hidden service for the SSH, but that's no good. The problem is, that it requires a SSH account on the backup location,
>which would enable someone who hacked the main server also to get user access to the backup server.
You are going to have to run some kind of daemon on the backup server that will allow for remote file transfers.
If there is a vulnerability in that daemon, it is possible an attacker could exploit it for user-level access.
It seems a simpler solution to just use a secure implementation of SSH.
>And then all it takes would be to do a "ip addr" to get the IP of the backup server
This would only reveal your private IP. The actual problem is if they can make a clearnet connection out which they can use to get your public IP. To mitigate this I have a firewall that blocks all network access except to a gateway box which uses Tor as a reverse proxy for the server.
>because I don't see any reason to grant shell access just to push some files.
OpenSSH allows you to disable shell access.
>Do you have any other ideas about how I could implement my data-upload-hidden-service
I use proftpd to host a sftp server with virtual users.
>>9936 >If there is a vulnerability in that daemon, it is possible an attacker could exploit it for user-level access. It seems a simpler solution to just use a secure implementation of SSH.
When some daemon gets hacked, it's a bug to get user-level access. When using SSH, it's a feature. With shell access someone could simply type "ip addr" or "ping cia.gov".
>>9938 >OpenSSH allows you to disable shell access.
That's interesting... Where would this be done? in the sshd_config or in /etc/passwd?
>>9939 Wasn't tahoe-lafs more decentralized, meaning it requires more than a single node?
>That's interesting... Where would this be done? in the sshd_config or in /etc/passwd?
Found it! It can be done in the authorized_keys file. Thanks anon, you're great.
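Added example (mine, not code from anyone in the thread): a small audit of an authorized_keys file that checks whether a key really is push-only. It parses the options field the way sshd(8) describes it (comma-separated, values may be double-quoted and contain commas, spaces or escaped quotes) and then applies two OpenSSH rules: only a forced command (command="...") stops the key holder from running arbitrary commands, since `restrict` on its own still lets `ssh host 'ip addr'` run; and a forced command on its own does NOT stop TCP port forwarding, so without `restrict` or `no-port-forwarding` a compromised client can still use the backup host as a proxy to the clearnet and learn its public IP. The sample file and key blobs are constructed placeholders.

```python
"""Audit an OpenSSH authorized_keys file for keys meant only to push backups.

Added example, not from the thread. Assumes the sshd(8) AUTHORIZED_KEYS FILE
FORMAT: optional options field, key type, base64 blob, optional comment.
"""
from dataclasses import dataclass

# Prefixes of key types sshd accepts; a line whose first token starts with
# one of these has no options field.
KEY_TYPE_PREFIXES = ("ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-",
                     "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com")


@dataclass
class Entry:
    options: dict          # lower-cased option name -> value ("" for flags)
    key_type: str
    comment: str
    line_no: int

    @property
    def exec_restricted(self) -> bool:
        # Only a forced command prevents arbitrary command execution.
        return "command" in self.options

    @property
    def forwarding_allowed(self) -> bool:
        if "restrict" in self.options:
            # restrict disables forwarding unless explicitly re-enabled
            return "port-forwarding" in self.options
        return "no-port-forwarding" not in self.options

    def problems(self) -> list:
        out = []
        if not self.exec_restricted:
            out.append("no command=: key holder can run arbitrary commands")
        if self.forwarding_allowed:
            out.append("TCP forwarding allowed: host usable as a proxy to the clearnet")
        return out


def _end_of_first_field(line: str) -> int:
    """Index of the first whitespace that is not inside double quotes."""
    quoted, i = False, 0
    while i < len(line):
        c = line[i]
        if quoted and c == "\\":      # backslash escapes the next char inside quotes
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        elif c.isspace() and not quoted:
            return i
        i += 1
    return len(line)


def _parse_options(s: str) -> dict:
    """Split the options field on unquoted commas; strip the quotes."""
    opts, cur, quoted, i = [], [], False, 0
    while i < len(s):
        c = s[i]
        if quoted and c == "\\" and i + 1 < len(s):
            cur.append(s[i + 1])
            i += 2
            continue
        if c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            opts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if cur:
        opts.append("".join(cur))
    result = {}
    for o in opts:
        name, _, value = o.partition("=")
        result[name.strip().lower()] = value
    return result


def parse_line(line: str, line_no: int = 0):
    """Return an Entry, or None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    cut = _end_of_first_field(line)
    first = line[:cut]
    if first.startswith(KEY_TYPE_PREFIXES):
        options, rest = {}, line
    else:
        options, rest = _parse_options(first), line[cut:].strip()
    parts = rest.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(KEY_TYPE_PREFIXES):
        raise ValueError(f"line {line_no}: not an authorized_keys entry")
    comment = parts[2] if len(parts) > 2 else ""
    return Entry(options, parts[0], comment, line_no)


def audit(text: str) -> list:
    return [e for n, l in enumerate(text.splitlines(), 1)
            if (e := parse_line(l, n)) is not None]


def restricted_line(key_type: str, blob: str, comment: str) -> str:
    """The shape a push-only backup key should have."""
    return f'restrict,command="internal-sftp" {key_type} {blob} {comment}'


# Constructed sample file; the blobs are placeholders, not real keys.
SAMPLE_AUTHORIZED_KEYS = """\
# admin key: unrestricted
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER0000000000000000000000000000 admin@laptop
# backup key done right: forced sftp, everything else off
restrict,command="internal-sftp" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER1111111111111111111111111111 backup@mainserver
# forced command, but forwarding still open
command="/usr/bin/rrsync -wo /srv/backup",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQPLACEHOLDER2222 rsync@mainserver
# restrict, but forwarding re-enabled and no forced command
restrict,port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER3333333333333333333333333333 proxy@somewhere
"""

if __name__ == "__main__":
    for e in audit(SAMPLE_AUTHORIZED_KEYS):
        status = "OK " if not e.problems() else "BAD"
        print(f"{status} line {e.line_no} {e.comment}: {'; '.join(e.problems()) or 'push-only'}")
```

One caveat worth keeping in mind with this approach: the restriction lives in a file under the backup user's home, and if the SFTP session you permit can write there, the client can upload an authorized_keys without the options and log in again unrestricted. Either point AuthorizedKeysFile at a root-owned path (e.g. /etc/ssh/authorized_keys/%u) or put the same restriction in sshd_config, where the key holder can't touch it: a `Match User backup` block with `ForceCommand internal-sftp`, `AllowTcpForwarding no` and a `ChrootDirectory` owned by root.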