How to mount encrypted Backup

[rh-xZa2W]

Hello,

How is it possible to mount an encrypted Backup on our PBS? I don't understand the Syntax in the Documentation. Do I need an extra Hard Disk or can I mount it to a local directory?

Thank You!

 

[che]

Hello,

How is it possible to mount an encrypted Backup on our PBS? I don't understand the Syntax in the Documentation. Do I need an extra Hard Disk or can I mount it to a local directory?

Thank You!

Hi,
you don't need an additional harddisk to mount the encrypted backups from PBS, just a (typically empty) directory as mountpoint.
Not that the server is at no point able to mount an encrypted backup, only the proxmox-backup-client + key is able to do that.

The client will use a FUSE implementation which fetches needed chunks from the server on demand and locally decrypt them using the provided key. These chunks are kept in system memory and discarded if not needed anymore. This is also the reason why the mount might create network and CPU load on the system, as it continuously needs to get chunks and decrypt them.

Edit: If you want to mount a backup on the server, you need to install the proxmox-backup-client there and get the encryption key there. But that is not what you should do, as the main ideas of encrypted backups is that the server never knows about the key and the data is therefore secure (as in not decryptable) even if the server gets compromised.

 

[rh-xZa2W]

Yes, i already know. My Question is more: What Command exactly are you typing?
I've tried:

proxmox-backup-client mount /mnt/path/to/drive-sata0.img.fidx /mnt/path/ --keyfile /path/to/keyfile

I get: Error:

parameter verification errors

Thank You!

 

[che]

Yes, i already know. My Question is more: What Command exactly are you typing?
I've tried:

proxmox-backup-client mount /mnt/path/to/drive-sata0.img.fidx /mnt/path/ --keyfile /path/to/keyfile

I get: Error:

parameter verification errors

Thank You!

Ah I see: note that the mount works only for pxar (file system based) backups. If you want to mount an image of a VM, than you will first have to map the image to a loopback device and than mount one of the the partitions of that.

# proxmox-backup-client map vm/100/2020-10-24T19:00:00Z drive-scsi0.img --repository host:pbs --keyfile /path/to/key                                                     :(
Image 'host:pbs:vm/100/2020-10-24T19:00:00Z/drive-scsi0.img' mapped on /dev/loop0
# mount /dev/loop0p1 /mnt
mount: /mnt: WARNING: device write-protected, mounted read-only.
# ls /mnt
bin  boot  dev  etc  home  lib  lib64  lost+found  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

Edit: proxmox-backp-client list should give you all the info you need for your backups.
Edit: Also don't forget to umount and unmap afterwards.

 

[rh-xZa2W]

I'm getting

Error: unable to parse backup snapshot path '/mnt/path/vm/id/2020-12-08T00:55:48Z/'

While running

proxmox-backup-client map /mnt/path/vm/id/2020-12-08T00:55:48Z/ drive-scsi0.img.fidx --repository host:pbs --keyfile /root/pve-key.enc

Any Ideas?

Thanks!

 

[che]

I'm getting

Error: unable to parse backup snapshot path '/mnt/path/vm/id/2020-12-08T00:55:48Z/'

While running

proxmox-backup-client map /mnt/path/vm/id/2020-12-08T00:55:48Z/ drive-scsi0.img.fidx --repository host:pbs --keyfile /root/pve-key.enc

Any Ideas?

Thanks!

Okay, so there seems to be a misunderstanding.
You can not do this with the fixed chunksize index file directly (fidx). You rather have to do this via the PBS client-server infrastructure, as the data is stored in the chunkstore and not contained within the index file, that one simply references the chunks.

proxmox-backup-client list shows you the last snapshot for each group and the files contained within that snapshot. That is the information you have to provide to the map command, not the path to the index file.

 

[rh-xZa2W]

Okay perfect it worked!

Thanks!!!