On Sun, Dec 11, 2005 at 04:37:12PM -0800, Paddy Sreenivasan wrote:

> > [1] You need client-side encryption if you don't want your data flowing
> > unencrypted over the network.
> You can use ssh for server/client communication and server side data
> encryption.

While this is possible, I don't like it because it has two disadvantages:

1. You need to set up keys for both, ssh _and_ amanda.

2. You need to set up ssh keys either by storing the passphrase in
   cleartext or use ssh-agent.  Using ssh-agent has security-flaws, too.
   In addition, with ssh-agent, you will need to type the passphrase
   at least once after every reboot.  Not very suitable for a
   fully-automated backup-system, IMHO.

When you use a public key on the client to encrypt, you can lock away
the private key in a secure place.  Both, transport _and_ storage will
be encrypted with such a setup.

-- 
No software patents in Europe -- http://nosoftwarepatents.com
-- Josef Wolf -- jw AT raven.inka DOT de --