Hidden Backup Server

Routing over Tor for a hidden backup server.

// Guide / Privacy // Published on July 19, 2017, 9:31 p.m.

Been a while, eh?

I’ve been needing an offsite backup solution and recently I found a VPS provider that had an amazing deal on storage that I couldn’t pass up. Prior to renting this new VPS I just pulled certain files every month or whatever, but I had a cron running every 6 hours backing up everything. This wasn’t the best idea, but it worked.

Now that I have a dedicated VPS for backups, I can actually do proper backups of imglnx, my other projects, and personal data.

Instead of using duplicity for backups, I decided to do it my own way via sftp, gpg, and tor. So let's get into this!

Backup server:

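root@yolotrain:~# sudo apt-get install tor
root@yolotrain:~# vi /etc/tor/torrc
# Lines added to /etc/tor/torrc. HiddenServiceAuthorizeClient is a v2 onion-service
# option; v3 onion services use a different client-authorization mechanism.
HiddenServiceDir /var/lib/tor/hiddenservicename/
HiddenServicePort 22 127.0.0.1:22
HiddenServiceAuthorizeClient stealth name1
root@yolotrain:~# systemctl enable tor
root@yolotrain:~# systemctl start tor
# The hostname file holds the onion address and the auth cookie for client name1.
root@yolotrain:~# cat /var/lib/tor/hiddenservicename/hostname
myonionnamegoeshere.onion randomstringhere # client: name1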

Host/Server you want to back up:

root@awesomecrack:~# sudo apt-get install tor
root@awesomecrack:~# vi /etc/tor/torrc
# Line added to /etc/tor/torrc: the address and cookie from the backup server's hostname file.
HidServAuth myonionnamegoeshere.onion randomstringhere # client: name1
root@awesomecrack:~# systemctl enable tor
root@awesomecrack:~# systemctl start tor
root@awesomecrack:~# vi .ssh/config
# Lines added to .ssh/config: reach the onion address through Tor's local SOCKS5 port.
host hidden
    hostname myonionnamegoeshere.onion
    proxycommand ncat --proxy 127.0.0.1:9050 --proxy-type socks5 %h %p

Then you can just do “ssh hidden” on your host server.

I also have a bash script to go zip directories, gpg encrypt them, then scp -i keyfile.key file.gpg username@hidden:backup-dir. The gpg key I’m using was generated on my desktop and all I did was import the public key on the server I want to back up, so I can encrypt the backup before sending it off to the backup server.
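An added example of such a script, not the author's own: it uses tar in place of zip, pipes the archive straight into gpg so no plaintext archive is written on the source host, and deletes the local ciphertext after the upload. RECIPIENT, STAGE and every default value shown are assumptions; only the public key needs to exist on this host.

```shell
#!/bin/sh
# Added example: tar + gpg + scp backup over the "hidden" ssh alias.
# Assumed, not from the post: RECIPIENT, STAGE, the defaults, tar instead of zip.
set -eu
(set -o pipefail) 2>/dev/null && set -o pipefail   # enable where the shell supports it
umask 077                                          # staged ciphertext is owner-only

RECIPIENT="${RECIPIENT:-PLACEHOLDER_KEY_FINGERPRINT}"  # public key imported on this host
REMOTE="${REMOTE:-username@hidden:backup-dir}"         # "hidden" is the .ssh/config alias
KEYFILE="${KEYFILE:-keyfile.key}"
STAGE="${STAGE:-/var/tmp}"

# archive_name DIR STAMP -> e.g. www-20170719T213100Z.tar.gz.gpg
archive_name() {
    printf '%s-%s.tar.gz.gpg\n' "$(basename "$1")" "$2"
}

# backup_dir DIR [STAMP]: encrypt DIR to RECIPIENT, upload it, remove the local copy.
# Prints the uploaded file name; returns non-zero (and cleans up) on any failure.
backup_dir() {
    dir=$1
    stamp=${2:-$(date -u +%Y%m%dT%H%M%SZ)}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    name=$(archive_name "$dir" "$stamp")
    out="$STAGE/$name"
    tar -C "$(dirname "$dir")" -czf - "$(basename "$dir")" |
        gpg --batch --yes --trust-model always --encrypt --recipient "$RECIPIENT" > "$out" ||
        { rm -f "$out"; return 1; }
    [ -s "$out" ] || { rm -f "$out"; echo "empty output for $dir" >&2; return 1; }
    scp -q -i "$KEYFILE" "$out" "$REMOTE" || { rm -f "$out"; return 1; }
    rm -f "$out"
    printf '%s\n' "$name"
}

# Back up every directory given on the command line (no arguments: do nothing).
for d in "$@"; do
    backup_dir "$d"
done
```

--trust-model always is there because a public key that was only imported carries no trust, and gpg in batch mode would otherwise refuse to encrypt to it; naming the recipient by full fingerprint keeps that safe.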

NOTE: If I did something incorrectly or insecurely here please notify me about it. (Still a bit new to messing with hidden services.)

until next time