Scheduling encrypted backups with Windows (to unix)

Atomic RouterAtomic RouterThis issue has been puzzling me for some time. I have this Atom based home-brew router sitting on the shelf with a 2TB drive attached to it. So yes, it does also serve as a NAS, Meda-Server etc. All the good stuff. So theoretically it should be also a good place to backup my data to – in case one of the workstation harddrives fails – been there, done that. No IBM drives for me since that incident.

So, where is the catch? Backing up private and sensitive data to that device would be almost insane, this nice piece of hardware is directly connected to the internet and thus exposed to a variety of break in attempts. What if one of these is successful? Riiiite, I would be fu***. Properly.

The solution is very obvious; encrypt your data before you move it onto the server. But how would one do that using a windows client and free software only? There are several ways to achieve that. You could choose to write a batch script, use 7zip or something to compress / password protect that data and copy it over to the other side.

Since I don’t really like batch scripting and prefer doing fancy stunts using bash, I choose cygwin, cron (running as NT service, @see /usr/share/doc/Cygwin/cron-4.1-7.README) and openssl to encrypt that data. So, here is the one-liner doing all the work:

tar cz MyImportantDataDirectory | openssl des3 -salt -pass pass:SECRET | ssh pulsar@router "cat > /mnt/backups/documents-daily.tar.gz.des3"

Go crazy now! Use the week-number to create a series of backups instead of the daily snapshot, remove old backup sets etc. Once you have that script, schedule it using the cron (crontab –e) and watch your sensitive data being backed up automagically. /me likes!