> Hello everyone,
> To give you a bit of context, I’m pretty comfortable with PVE, which I have used for years and enjoy so much for everything it can do, its simplicity while being so full of possibilities, and its stability.
> Until today I had never installed a PBS, and now I’ve done it, but I haven’t spent much time on the configuration nor on learning how to use it yet, even though it seems very promising!
> Having searched for the perfect solution to back up my PVE clusters and VMs for years, it seems it’s finally getting there, and so now Proxmox is (finally) a real solution that is missing absolutely nothing to be production ready, though I have a question: I’ve seen in the doc many times that it’s not a problem if the PBS is not fully trusted because it’s possible to activate encryption on the client side, but what if it’s the client, VM or the PVE cluster that becomes untrustworthy? Let’s say my cluster gets hacked!
> Is there a way it compromises the backups?

Make sure to use a limited account (or API token (per cluster)) that allows the PVE cluster where the VM runs to make backups but not read or delete them. That way, it can only do a denial of service if it is hacked but not damage existing backups. If you ever need to restore a backup, temporarily give the limited account read access. By giving each PVE cluster its own encryption key, they cannot decrypt each other's backups even with read permission.
Containers can create .pxarexclude files that can exclude files from backups, but VMs cannot interfere with the backup process, as far as I know.

Syncing backups from one PBS to another, which is not directly accessible by the PVE cluster, can also help against tampering and deleting of backups.

I'm not sure that this covers all possible attacks. I hope other people will correct me.

Best regards, Arjen

