How do you share disk space for backups with your peers without increasing your vulnerability to break-ins, and how do you host your peer's sensitive data without being able to access it yourself?
The short version: encrypted image-files on sshfs.
EDIT: 2012-08-14, the development of cryptmount has made sudo unnecessary in this case. See free-secure-online-backup for info on how to use cryptmount.
Let's say user Lisa (with username 'lisa') at host foo is the client, and bar is the server that hosts the backup. lisa has a login account at bar.
foo to bar, by putting the public part of her ssh-key in bar:.ssh/authorized_keys (and making that file not readable for anybody but herself (and root) by chmod 600). Thus, bar only has access to Lisa's public key, which contains no sensitive data.
sshfs (for bar there is no difference between a normal ssh connection and an sshfs mount) to mount bar:/home/lisa on a local directory, e.g. /home/lisa/mnt/bar
$ sshfs -o allow_root bar: mnt/bar
bar, e.g. bar:/home/lisa/sensitive-backup.img. Lisa mounts this image-file using a passphrase, which the kernel at foo uses to unlock the encryption of the image file. Lisa uses the local mount point mnt/private-backup to map to the image-file. To mount the encrypted image file using the loop device at foo, Lisa needs root privileges, which in turn requires that sshfs is called with -o allow_root. The secure remote backup directory needs a mountpoint of its own, e.g. /home/lisa/mnt/backup
$ sudo losetup -e /dev/loop0 mnt/bar/sensitive-backup.img
$ sudo mount /dev/loop0 mnt/backup
Lisa copies her files to mnt/backup and then unmounts like this:
$ sudo umount mnt/backup
$ sudo losetup -d /dev/loop0
$ fusermount -u mnt/bar
This procedure is secured against all evil powers outside of Lisa's computer, including root at bar and eavesdroppers on the network connection between foo and bar. (As always, Lisa cannot secure her sensitive data against root at foo; she had better be root at foo herself.)
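The mount, copy and unmount steps above as one script, added here as an example and not part of the original post: it tracks how far setup got and undoes only those steps in reverse order, so a failed mount or copy does not leave the loop device attached or the sshfs mount open on foo. SRC, CIPHER (a placeholder, since the page's losetup line names no cipher after -e), DRY_RUN and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Host and paths come from the
# page; SRC, CIPHER, DRY_RUN and the function names are assumptions.
REMOTE="${REMOTE:-bar:}"
SSHFS_MNT="${SSHFS_MNT:-/home/lisa/mnt/bar}"
IMG="${IMG:-$SSHFS_MNT/sensitive-backup.img}"
LOOP="${LOOP:-/dev/loop0}"
BACKUP_MNT="${BACKUP_MNT:-/home/lisa/mnt/backup}"
SRC="${SRC:-/home/lisa/Documents}"        # constructed: what Lisa backs up
CIPHER="${CIPHER:-CIPHER_PLACEHOLDER}"    # placeholder: page names no cipher
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, run nothing
STAGE=0                                   # number of setup steps that succeeded

# Execute a command, or only print it while DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Teardown steps report failure but never stop the remaining teardown.
try() {
    run "$@" || echo "teardown step failed: $*" >&2
}

# Undo only what was set up, innermost first: filesystem, loop device, sshfs.
teardown() {
    if [ "$STAGE" -ge 3 ]; then try sudo umount "$BACKUP_MNT"; fi
    if [ "$STAGE" -ge 2 ]; then try sudo losetup -d "$LOOP"; fi
    if [ "$STAGE" -ge 1 ]; then try fusermount -u "$SSHFS_MNT"; fi
    STAGE=0
}

backup() {
    rc=0
    trap teardown EXIT          # covers an early exit of the script
    trap 'exit 130' INT TERM    # route signals through the EXIT trap
    run sshfs -o allow_root "$REMOTE" "$SSHFS_MNT" && STAGE=1 &&
    run sudo losetup -e "$CIPHER" "$LOOP" "$IMG" && STAGE=2 &&
    run sudo mount "$LOOP" "$BACKUP_MNT" && STAGE=3 &&
    run cp -a "$SRC/." "$BACKUP_MNT/" || rc=$?
    teardown
    return "$rc"
}

backup   # with the default DRY_RUN=1 this only prints the planned commands
```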