Wednesday, June 10, 2009

Remote access to an encrypted directory on a Linux server

This post describes how to configure remote access to an encrypted directory. I wanted to create a personal directory on a Linux server:
  • accessible as a mountable network filesystem;
  • with the content being encrypted;
  • easily configurable.
For the sake of simplicity, I selected SSHFS instead of NFS because:
  • SSHFS requires no configuration on the server; it is enough that the SSH connection is configured (which is often done already);
  • SSHFS does not need any new special ports to be open on the firewall (SSH port is sufficient).
The disadvantage of SSHFS is that the connection may be slower because of communication encryption. However, I want to use it for personal purposes only. Data encryption will be performed with EncFS. Both the server and client are Ubuntu Linux systems.

The desired configuration is as follows:
  • On the server, I want an encrypted directory available over SSHFS. Thus, the shared directory would be /home/user/shared, which would contain the encrypted directory /home/user/shared/encrypted.
  • On the client, a remote directory /home/user/.remotedir would exist, containing the encrypted subdirectory encrypted, which I want to mount to the decrypted directory /home/user/Remote.
  • Only the /home/user/Remote directory would be used by me, and EncFS will encrypt all the content into /home/user/.remotedir/encrypted, which in turn would be stored remotely on the server via SSHFS.

Server configuration

  1. Make sure SSH is up and running.
  2. Create shared directory:
    mkdir /home/user/shared
  3. Inside of the shared directory create encrypted directory:
    mkdir /home/user/shared/encrypted
  4. Update permissions:
    chmod -R o-rwx /home/user/shared

Client configuration

  1. Install SSHFS and EncFS:
    sudo apt-get install sshfs encfs
  2. Create directory for mounting the remote directory:
    mkdir /home/user/.remotedir
  3. Create directory for mounting the encrypted remote directory:
    mkdir /home/user/Remote
  4. Mount the remote directory using SSHFS (enter the SSH password for the server):
    sshfs user@myserver.org:/home/user/shared /home/user/.remotedir
  5. Enable encryption:
    encfs /home/user/.remotedir/encrypted /home/user/Remote
    EncFS will ask you for the type of installation. Hit ENTER to select "standard". Then enter the password for the encrypted content.
  6. To unmount everything, you should first unmount the encrypted volume and then the SSHFS:
    fusermount -u /home/user/Remote
    fusermount -u /home/user/.remotedir
  7. That's all.
For the sake of simplicity, I have created two simple scripts: mountRemote and umountRemote:
  • mountRemote:
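    #!/bin/bash
    # Mount the remote share, then the EncFS view on top of it
    sshfs user@myserver.org:/home/user/shared /home/user/.remotedir
    encfs /home/user/.remotedir/encrypted /home/user/Remote
  • umountRemote:
    #!/bin/bash
    # Unmount the EncFS view first, then the SSHFS mount underneath it
    fusermount -u ~/Remote
    fusermount -u ~/.remotedir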
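
An added example (not the author's scripts): one script covering both mountRemote and umountRemote that starts EncFS only when the SSHFS mount is really present, so EncFS is never pointed at the local, unmounted /home/user/.remotedir after a failed SSH connection. The function names, the mount/umount arguments and the MOUNTS_FILE override are assumptions of this example.

```shell
#!/bin/bash
# Paths and host are the ones used in the post; overridable for testing (assumption).
REMOTE="${REMOTE:-user@myserver.org:/home/user/shared}"
SSHFS_DIR="${SSHFS_DIR:-/home/user/.remotedir}"
PLAIN_DIR="${PLAIN_DIR:-/home/user/Remote}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# is_mounted DIR: succeed if DIR appears as a mount point in MOUNTS_FILE.
# (Paths containing spaces are escaped in /proc/mounts; the post's paths have none.)
is_mounted() {
    awk -v d="$1" '$2 == d { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

mount_remote() {
    # Step 1: SSHFS, unless it is already mounted.
    is_mounted "$SSHFS_DIR" || sshfs "$REMOTE" "$SSHFS_DIR" || return 1
    # Step 2: verify the mount really exists before EncFS touches the directory.
    if ! is_mounted "$SSHFS_DIR"; then
        echo "SSHFS is not mounted on $SSHFS_DIR; not starting EncFS" >&2
        return 1
    fi
    if [ ! -d "$SSHFS_DIR/encrypted" ]; then
        echo "$SSHFS_DIR/encrypted is missing on the server" >&2
        return 1
    fi
    # Step 3: decrypted view on top of the remote ciphertext.
    is_mounted "$PLAIN_DIR" || encfs "$SSHFS_DIR/encrypted" "$PLAIN_DIR"
}

umount_remote() {
    # EncFS first: it still needs the SSHFS mount underneath to flush its data.
    if is_mounted "$PLAIN_DIR"; then
        fusermount -u "$PLAIN_DIR" || return 1
    fi
    if is_mounted "$SSHFS_DIR"; then
        fusermount -u "$SSHFS_DIR"
    fi
}

case "${1:-}" in
    mount)  mount_remote ;;
    umount) umount_remote ;;
esac
```

Run it as `./remote mount` and `./remote umount` (the file name is hypothetical).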
