Does anybody have any ideas on ways to provide in-flight encryption for Veeam Agent for Linux backups? That is, how do I encrypt the NFS or SMB traffic? (If B&R can encrypt in-flight, I'd like to know, but I currently can't afford the license, so I need an NFS or SMB solution.)
I cannot use Kerberized NFS4, so haven't even tried.
Things I've already considered:
Mount SSHFS with a pre-job script and configure Veeam to use that as a "local" repository. I don't like this, because if the SSHFS mounting fails, the path will be on a filesystem I'm trying to back up. Dunno how Veeam might handle that. I can mark the directory immutable to prevent it from being able to write if SSHFS is not mounted, but that just feels janky.
Use SSH port forwarding to tunnel NFS. This lets me use an NFS repository, so I avoid the problem of Veeam trying to do a backup if the target is not actually available. But this feels really janky. And this and SSHFS would require keeping track of SSH keys and is more hassle than I want to commit to.
Use Samba with "smb encrypt = mandatory" for the share. This doesn't seem to work at all. I get access denied messages in my logs, where without that config line, it mounts and backs up just fine. Apparently mount.cifs didn't support encrypted shares until kernel 4.11 , which came out Monday!
Alternatively (and preferred), does anybody know if the Veeam agent is going to support native encryption in the client? How is that missing?
 https://lists.samba.org/archive/samba/2 ... 07530.html