btsync, where have you been all my life

Well, that was easy.

I've been using KeePass for password management for roughly five years, ish. I like that it's free, that it runs on all my devices and that it integrates with any password-protected application (not just my browser). Syncing the database to all said devices, on the other hand, has always been a minor headache. I don't want to rely on free cloud storage providers, so I substitute various incarnations of personal servers, and I sacrifice the nifty auto-syncing clients. I could run something like SparkleShare, but that seems like overkill for one lousy file. I also disable password authentication over SSH, so the native KeePass syncing capability is out--which isn't that big of a deal, because it doesn't work in the Android port anyway. Long story slightly less long, I've been mixing KeePass database triggers with a remote cron job and an Android port of rsync for a couple years.

So today I found BitTorrent Sync.

mind|blown

Oh my word, people. I can't even tell you. It's amazing.

You hand it a folder to sync, it hands you a 21-character key (password). The key uniquely identifies your sync folder. Any other btsync peer (computer running the syncing client) with the key can sync from the folder, and no peer without the key can even see it. The actual content transmission is just like regular BitTorrent, except with 256-bit AES encryption (based, again, on the folder key).

If you're running behind a LAN, that's all you need. Just btsync peers and a shared key, no external servers necessary.

If you're outside a LAN, you can enable MAGICAL THINGS: btsync can send a one-way hash (SHA-2) of your key up to a BitTorrent tracker, and match up peers by matching up hashes. It's brilliant. The hashes can't be forged (at least until somebody breaks SHA-2), and the original keys are needed for decryption. There are millions of hashed keys hanging out on the trackers right now, looking for matching peers, completely secure. Once the tracker matches up some peers, it's done; it never sees the synced data, encrypted or otherwise, because the peers talk to each other directly.

As a bonus, the btsync client does local backups by default. It'll automatically keep 30 days worth of version history. I just replaced my KeePass triggers, my cron job and my Android rsync with one tool, without handing any of my data to a third party.

Install

Per usual, setting up the Windows and Android clients is a fairly brainless process; setting up a Linux client is a little more exciting. Here's what I did on my Ubuntu 13.04 server:

We don't set things up manually in Ubuntu, son!

Use the PPA:

$ sudo add-apt-repository ppa:tuxpoldo/btsync
$ sudo aptitude update
$ sudo aptitude install btsync

(If you're on a version of Ubuntu that didn't come with add-apt-repository, you can grab it from the software-properties-common package. I mention this only because when I was on 12.04, it took way too long to find.)

Configure

apt will throw some preliminary config options at you and start the btsync client in daemon mode; you can configure more things after the install is complete (check the main Debian/Ubuntu instructions and the user guide for details):

$ sudo dpkg-reconfigure btsync

dpkg-reconfigure saves your settings to a read-only configuration file at /etc/btsync/debconf-default.conf. You can create as many syncing profiles as you want; just stick them all in /etc/btsync. I ended up copying the defaults to a new profile specific to my user (/etc/btsync/gemma.conf), borrowing more settings from the /etc/btsync/user-new.conf sample:

//!/usr/lib/btsync/btsync-daemon --config
//
// in this profile, btsync will run as my user ID
// DAEMON_UID=gemma
//
{
        "device_name": "my server",
        "storage_path" : "/home/gemma/.btsync",
        "listening_port" : 12345,
        "check_for_updates" : false,
        "use_upnp" : false,
        "download_limit" : 0,
        "upload_limit" : 0,
        "disk_low_priority" : true,
        "lan_encrypt_data" : true,
        "lan_use_tcp" : false,
        "rate_limit_local_peers" : false,
        "folder_rescan_interval" : 600,
        "webui" :
        {
        },
    "shared_folders" :
    [
        {
            "secret" : "my folder key",
            "dir" : "/path/to/my/synced/folder",
            "use_relay_server" : true,
            "use_dht" : false,
            "search_lan" : false,
            "use_sync_trash" : true
        }
    ]
}

Most of that's pretty boring, except:

  • I disable upnp and set a specific listening port so I can easily control access with my firewall (ufw).
  • I disable the built-in web UI, because no.
  • This client is running on my remote server, so I enable LAN encryption and the relay server, and disable LAN searching.

Once you've got your profile(s) set, you can control which one(s) btsync loads with the /etc/default/btsync config file. By default it loads all the profiles in /etc/btsync, but I want it to only load profiles I specifically request:

# just load gemma.conf, nothing else
AUTOSTART="gemma"

Wait wait wait

Make sure your profiles are readable by the user in DAEMON_UID! The btsync client is still pretty young, there's not much (read: any) logging, and if it can't read the configuration file, it'll just fail silently.

$ sudo chown gemma:gemma /etc/btsync/gemma.conf

At the same time, the profile has your folder key in it, so protect it:

$ chmod 600 /etc/btsync/gemma.conf

Let 'er rip

The btsync package is automatically hooked into upstart, so this part's easy:

$ sudo service btsync start
 * Starting P2P file synchronisation daemon(s)...
 * Autostarting btsync instance 'gemma'
$ service btsync status
 * BTSYNC 'gemma' is running

That's it. The sync folder(s) listed in the gemma.conf profile will now sync with any and every matching peer (in my case, a desktop, a laptop and a smartphone).

Happy syncing!

social