Hidden Backup Server
Been a while, eh?
I’ve been needing an offsite backup solution and recently I found a VPS provider that had an amazing deal on storage that I couldn’t pass up. Prior to renting this new VPS I just pulled certain files every month or whatever, but I had a cron running every 6 hours backing up everything. This wasn’t the best idea, but it worked.
Now that I have a dedicated vps for backups I can actually do proper backups of imglnx, my other projects, and personal data.
Instead of using duplicity for backups, I decided to do it my own way via sftp, gpg, and tor. So let's get into this!
Backup server:
root@yolotrain:~# sudo apt-get install tor
root@yolotrain:~# vi /etc/tor/torrc
HiddenServiceDir /var/lib/tor/hiddenservicename/
HiddenServicePort 22 127.0.0.1:22
HiddenServiceAuthorizeClient stealth name1
root@yolotrain:~# systemctl enable tor
root@yolotrain:~# systemctl start tor
root@yolotrain:~# cat /var/lib/tor/hiddenservicename/hostname
myonionnamegoeshere.onion randomstringhere # client: name1
Host/Server you want to backup:
root@awesomecrack:~# sudo apt-get install tor
root@awesomecrack:~# vi /etc/tor/torrc
HidServAuth myonionnamegoeshere.onion randomstringhere # client: name1
root@awesomecrack:~# systemctl enable tor
root@awesomecrack:~# systemctl start tor
root@awesomecrack:~# vi .ssh/config
host hidden
hostname myonionnamegoeshere.onion
proxycommand ncat --proxy 127.0.0.1:9050 --proxy-type socks5 %h %p
Then you can just do “ssh hidden” on your host server.
I also have a bash script to go zip directories, gpg encrypt them, then scp -i keyfile.key file.gpg username@hidden:backup-dir
. The gpg key I’m using was generated on my desktop and all I did was import the public key on the server I want to backup, so I can encrypt the backup before sending it off to the backup server.
NOTE: If I did something incorrectly or insecure here please notify me about it. (Still a bit new to messing with hidden services.)
until next time