After the CentOS fiasco (good job Redhat/IBM) and since we are more or less in lockdown I decided to invest a couple of days to migrate my home infra from CentOS 7 to Debian 10. One of my physical machines, which was also CentOS 7 based, is used as ISCSI target. Debian 10 - Server A.K.A. Target Install the required packages: $ sudo apt-get install tgt dkms Create a device backstore: …

The idea here is to have a LUKS2 encrypted volume stored on a remote server that allows authenticated clients to load and decrypt the data without letting the server know what is being written, read and stored. Keep in mind that this solution is not 100% bulletproof, you still kind of have to trust the backup server because a malicious entity might take multiple snapshots of the encrypted iSCSI LUN and try to crack the encryption. …