Hello everyone.

I have been interested in starting to self-host, and I have just been able to set up the first useful thing for myself (apart from a PiHole that I have running).

Since I am very afraid of making security mistakes, I would like to get feedback from you on whether my setup is secure or not.

The simple use case: I want to be able to back up files from my main computer to a hard disk, without having the hard disk attached to my main computer.

The setup:

  • A Raspberry Pi 4 running Raspberry Pi OS Lite (64-bit).
  • The Raspberry Pi can only be accessed via ed25519 key.
  • I configured a firewall on the Raspberry Pi with ufw to allow only traffic from the local subnet.
  • I then use sshfs to mount the hard disk connected to the Raspberry Pi on my main computer.
  • I plan to use rsync to back up my files.

Now I need your help: how secure is this setup? Did I make any major mistake? Is there something I could do better?

I’d be happy to get some feedback… 🙂
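As an added example (not code from the original post), here is a small POSIX shell audit of the two hardening points in the list: SSH accepting keys only, read from the effective `sshd -T` settings, and SSH reachable only from the local subnet, read from `ufw status`. The sample outputs below and the 192.168.1.0/24 subnet are constructed assumptions; on a real Pi you would feed the checks `$(sudo sshd -T)` and `$(sudo ufw status)`.

```shell
#!/bin/sh
# Added example, not from the original post: audit key-only SSH and a
# subnet-scoped firewall from text output, so the checks run offline.

# Constructed sample of `sshd -T` (effective sshd settings, lowercased keys).
SAMPLE_SSHD_T='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin no'

# Constructed sample of `ufw status` with SSH limited to the local subnet.
SAMPLE_UFW_GOOD='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.1.0/24'

# Constructed sample of the mistake to catch: SSH allowed from anywhere.
SAMPLE_UFW_OPEN='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere'

# Return 0 when every SSH authentication path except public keys is off
# and direct root login is refused. $1 is the `sshd -T` text.
check_sshd() {
    printf '%s\n' "$1" | grep -qx 'passwordauthentication no'       || return 1
    printf '%s\n' "$1" | grep -qx 'kbdinteractiveauthentication no' || return 1
    printf '%s\n' "$1" | grep -qx 'pubkeyauthentication yes'        || return 1
    printf '%s\n' "$1" | grep -qx 'permitrootlogin no'              || return 1
    return 0
}

# Return 0 when ufw is active and no ALLOW rule for 22/tcp has a source
# other than the local subnet. $1 is the `ufw status` text, $2 the subnet.
check_ufw() {
    printf '%s\n' "$1" | grep -q '^Status: active' || return 1
    # Any SSH ALLOW rule whose From column is not the subnet fails the check.
    printf '%s\n' "$1" | grep -E '^22/tcp +ALLOW' | grep -v -F "$2" | grep -q . && return 1
    return 0
}

# Stand-alone run: report each check on the constructed samples.
check_sshd "$SAMPLE_SSHD_T" && echo "sshd: key-only" || echo "sshd: FAIL"
check_ufw "$SAMPLE_UFW_GOOD" 192.168.1.0/24 && echo "ufw good: ok" || echo "ufw good: FAIL"
check_ufw "$SAMPLE_UFW_OPEN" 192.168.1.0/24 && echo "ufw open: ok" || echo "ufw open: FAIL (expected)"
```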

  • passenger@sopuli.xyz
    5 minutes ago

    I can recommend duplicati on Windows or pika backup (which is a borg backup GUI) on Linux. Then just make a user on the Raspberry Pi and enter the SSH login in your backup client and you’re set.

    Duplicati / Pika / Borg will encrypt the backups for you! So there is no danger of someone reading or changing your backups. You could even use some free cloud storage to store the backups safely. It really doesn’t matter where you store them.

    Rsync won’t deduplicate or make archives, so you cannot restore a backup from any chosen date. Rsync is sync, not backup.