wmoran at potentialtech.com
Thu Jun 25 08:28:23 EDT 2009
In response to Vance Kochenderfer <vkochend at nyx.net>:
> Bill Moran <wmoran at potentialtech.com> wrote:
> > In response to Michael Semcheski <mhsemcheski at gmail.com>:
> > > OK, the target system is my computer, and the linode system is
> > > the WPLUG server.
> > >
> > > 1. The linode system ssh's to the target and mounts the encrypted
> > > filesystem on the target.
> > #1 is not in line with your original proposal, and therefore doesn't
> > meet the original requirements.
> > The first step should be to use FUSE/sshfs to mount the encrypted
> > filesystem _over_ ssh/scp. Doing it that way would prevent the system
> > with the data from ever accessing it, since the filesystem is never
> > actually mounted on the computer hosting it.
> > That is, unless FUSE works radically different than other implementations
> > I've seen.
> I think Bill's got it right. You attach a directory on the target
> machine to the Linode server via sshfs, e.g.
> [root at linode]# sshfs wplug at mikes.machine.net: /mnt/mhsemcheski
> which connects /mnt/mhsemcheski on Linode to /home/wplug on Mike's
> This way, all encryption/decryption of the filesystem takes place
> on the Linode server, not on the target machine.
Shouldn't there be an extra step in there? Mounting a remote file
as an encrypted filesystem? I'm not very familiar with this process
on Linux, but found this howto:
Appears to be a little out of date, but in the right spirit.
More information about the wplug-internet