Encrypted TimeMachine backups on network share

Mac OS normally doesn’t allow you to use network shares as targets for TimeMachine backups. This can be worked around, tho. 🙂

First you need to tweak Mac OS to accept network shares by entering the following command in a Terminal session:

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

That would already allow you to store your backups on a network share. But do you really want to trust your valuable data to a network share that can potentially be accessed by untrusted users, such as your favorite bastard admin from hell?! :)

Here’s when the following comes in:

You will create an encrypted sparse bundle and use it as a target for the backup.

Start Disk Utility from Utilities and click New Image in the toolbar. In Save as move to a local location where you would like to create the backup on and enter a filename that matches the following template:

<Computer Name>_<Ethernet Address>.sparsebundle

For <Computer Name> enter the name of your Mac which you can look up under System -> Preferences -> Sharing. For <Ethernet Address> enter the Ethernet address (aka “MAC address”) of your network interface that you use to access the network share, in the format 112233445566.

For the volume name, choose Time Machine. Choose a volume size that is as large as the backup should get. Note that the image file won’t be as large from the beginning on, but it may later grow to that size. Choose an encryption mode; 128-bit AES should be fine. Very important: As an Image Format choose Sparse bundle disk image. Press Create. When prompted for a password, enter a “strong” password that’s not easy to guess. Check Remember password in my keychain.

Finally, move the sparsebundle to your network share where you would like your backup to be stored.

Now you need to move your saved password from the Login keychain to the System keychain so that it is automatically used by Time Machine. Open Keychain Access from your Utilities folder and select the Login keychain. Drag the disk image password for the sparsebundle file you just created to the System keychain. Enter your password, and when Keychain Access asks you whether you want to allow access to the stored password, click Allow.

Now start Time Machine in System Preferences, click Change Disk, and then select the network share where you would like your backup created.

That should be it!

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

By Ralf Bergs

One reply on “Encrypted TimeMachine backups on network share”

Leave a Reply Cancel reply