I currently have a simple bash script set up via cron to backup my data (rsync) to an internal hard drive at regular intervals. I leave this “backup” hard drive unmounted, and it is mounted and unmounted as needed with the bash script.
If I were to encrypt this “backup” drive (via Luks, or some other means), is there a way to get my backup script to work without me having to be there to enter a password?
>
> I currently have a simple bash script set up via cron to backup my data
> (rsync) to an internal hard drive at regular intervals. I leave this
> “backup” hard drive unmounted, and it is mounted and unmounted as needed
> with the bash script.
>
> If I were to encrypt this “backup” drive (via Luks, or some other
> means), is there a way to get my backup script to work without me having
> to be there to enter a password?
>
>
Sounds like a job for expect. Have a look around on the web for tutorials.
Note that does mean that your password will be in the bash script, thereby
making your security fairly pointless
Use Keyfiles instead of passwords (or better, use a very strong passphrase as fallback and a keyfile for “auto-backup”).
Important point, however, encryption does not protect you at all if the system is running, so if
a) the running system is not encrypted (and only the backup is), the whole things does not make much sense anyway ($BADGUY will most probably steal the external disk AND the machine)
b) the running system is encrypted, storing the keyfile ONLY on the (encrypted) running system (and maybe keeping a copy of it on another, external medium, which of course also has to be encrypted!) will protect the backup and the running system against offline attacks.
This sounds good. My intent is to encrypt all my data drives (per your (a) above), I just couldn’t figure out how to get my backup encrypted as well without losing my timely backups. Thanks for the help, I’ll research using keyfiles.