Mailing List Archive



Re: [tlug] Raid5 box & backup



I can say a bit about those Buffalo boxes (TeraStation), as one of my clients has one and I was looking into hacking it so that I could get it to rsync things onto itself.

By default these things are running a Linux kernel with plenty of the standard tools (SSH, rsync, etc.), but they're locked down to stop you getting in. They're set up to let you use them over Samba, and have a GUI you're supposed to use to administer them. It might just be possible to do what you need without hacking it - I'm imagining something like this:

- You create a TrueCrypt volume, with its own password, for each of your private parts. (Stop sniggering at the back, you know what I mean...) I think you should be able to mount each volume over your local network using Samba, so your client PC will have access to an encrypted volume which it will decrypt locally, using the password for that volume.

- Use the TeraStation's built-in backup system to sync the two boxes. IIRC they have a built-in method to sync themselves to another TeraStation. (Under the hood I think they're using rsync over SSH.) I think it would be possible to split the disk array into two and tell the TeraStation to sync half in one direction (Tokyo->Brittany) and the other in the other direction (Brittany->Tokyo).

A few caveats:
- Although I think it should work, I haven't tried using TrueCrypt to mount a volume read/write over a network share; I assume that if you try to mount the same volume read/write from two computers at the same time very bad things will happen to your data.
- I may be wrong about the TeraStation being able to sync different disks in different directions. (Definitely possible if you hack it, though. Or buy _four_ TeraStations, and have a master and slave at each end...)
- The TeraStations can only sync to each other if they know the IP address or hostname of the remote TeraStation. This may be hard to do if you have dynamic IP addresses; the conventional solution would be to run a dynamic DNS client on each box, but you can't do that unless you hack them. (See below.) Another option might be to run dynamic DNS on another client at each end.
- Security-wise it's a bit troubling to put these things on the open internet (since they're effectively just Linux boxes, and people are succeeding in hacking into them even without messing with the hardware). This isn't quite as bad as it might be as your data should (I think) not be decryptable even if the boxes do get hacked. But someone could still delete the data at both ends, or do other nefarious things having used the TeraStation to get into your network. The obvious thing would be to firewall the boxes off so that they can only see each other, but that may also be hard if you're dealing with dynamic IP addresses.

Of course, all kinds of things are possible if you hack the box, which might be easy but might also turn out to be hard if the firmware version you end up with hasn't yet been cracked by some helpful person. (After looking into this I decided not to risk bricking my client's TeraStation by messing with the firmware - although I might take another look and see if Buffalo used Debian to generate their SSH keys...)

Hope that helps.

Edmund Edgar
lists@example.com
http://www.edochan.com
http://www.socialminds.jp
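
The firewalling caveat in the message above (restrict each box to its peer even though the peer's address is dynamic) can be handled on a Linux router in front of the NAS, as in this added example, which is not part of the original post or of any Buffalo tooling. The hostname, addresses, chain name, state file and the use of port 22 for rsync over SSH are assumptions.

```shell
#!/bin/sh
# Added example: run from cron on a Linux router in front of the NAS.
# Everything below is assumed, not taken from the post.
PEER_HOST="tokyo-nas.dyndns.example"   # hypothetical dynamic DNS name of the remote site
NAS_IP="192.168.1.50"                  # constructed LAN address of the local NAS
SSH_PORT="22"                          # assumes the sync really is rsync over SSH
CHAIN="PEER_ONLY"
STATE="/var/run/peer_only.ip"
# One-time setup, so routed traffic to and from the NAS traverses the chain:
#   iptables -N PEER_ONLY
#   iptables -I FORWARD -d 192.168.1.50 -j PEER_ONLY
#   iptables -I FORWARD -s 192.168.1.50 -j PEER_ONLY

# Succeeds only for a single dotted-quad IPv4 address, so an empty or
# garbage DNS answer can never end up in a rule.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { bad = 1 }
        { for (i = 1; i <= NF; i++) if ($i !~ /^[0-9]+$/ || $i > 255) bad = 1 }
        END { exit (bad || NR != 1) }'
}

# Print an iptables-restore ruleset that lets the NAS talk only to the peer.
build_rules() {
    valid_ipv4 "$1" || return 1
    cat <<EOF
*filter
:$CHAIN - [0:0]
-A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A $CHAIN -s $1 -d $NAS_IP -p tcp --dport $SSH_PORT -j ACCEPT
-A $CHAIN -s $NAS_IP -d $1 -p tcp --dport $SSH_PORT -j ACCEPT
-A $CHAIN -j DROP
COMMIT
EOF
}

# Re-resolve the peer and swap the chain in one commit when the address
# changed. On a failed lookup the previous rules stay in place.
refresh() {
    new=$(getent ahostsv4 "$PEER_HOST" | awk '{ print $1; exit }')
    rules=$(build_rules "$new") || return 1
    [ "$new" = "$(cat "$STATE" 2>/dev/null)" ] && return 0
    printf '%s\n' "$rules" | iptables-restore --noflush || return 1
    echo "$new" > "$STATE"
}

if [ "${1:-}" = "apply" ]; then refresh; fi
```

Between a peer's address change and the next run, the sync is blocked rather than opened up, so the cron interval bounds the outage, not the exposure.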

