Old 06-19-2008, 06:54 AM   #1
nedlud
LQ Newbie
 
Registered: Oct 2004
Posts: 12

Rep: Reputation: 0
Remote encrypted unattended file server


Hello all -

I'd like to set up a system at a remote site (a friend's house) for file storage / backup. Naturally (imo) I'd like my data to be encrypted. My friend will not be able to provide any technical assistance whatsoever.

At present my desktop machine runs OpenSuse 10.2, with an encrypted (LUKS) root (and /home) filesystem. I leave it running 24/7, and access my files when away from home with ssh or sshfs, and I've just started using FreeNX. Although this is at the limit of my current capability, it seems to work ok, subject to the highly variable internet speeds I've experienced.

I thought of setting up a similar system at the remote site, but the obvious problem is that, in the event of say, a power outage or brownout, I would have to divulge the passphrase to have the system booted, over the phone, and as stated there will be no support at all at the remote site anyway.

So, the requirement is for:
* Remote file server
* Data to be encrypted on the remote HD and on the wire
* Able to boot to operational state on power up


I'm hoping that the unattended, zero on-site support issue can be addressed (or at least mitigated) by booting / running from CD, using a UPS or both. I don't have the knowledge to do this yet, but I think I can see how it could be done. I realise that no unattended system is ever going to provide 100% uptime, but if I can make it work, I could always have two!

As to the other requirements - encryption on the HD and on the wire, I'm thinking nbd may be the answer. So far though, I haven't been able to figure out how I would "authenticate" - I think that's the correct term - how I would ensure that only I would have access to the nbd.

I'd be very interested in and appreciative of hearing from others, regarding any experience they've had with such a setup, or indeed any thoughts on how it might be achieved, potential pitfalls, or the concept in general.

I'd also be happy to be told of any misunderstandings demonstrated by the above, or even that it's all just too ambitious for a newbie like me. Also welcome, comments on the security model of my current remote access to my desktop as described above. Thanks in advance...
 
Old 06-19-2008, 12:32 PM   #2
beadyallen
Member
 
Registered: Mar 2008
Location: UK
Distribution: Fedora, Gentoo
Posts: 209

Rep: Reputation: 36
How about having an encrypted loopback file on the remote host and mounting it locally.
My idea (which works in theory but isn't well tested) is:
-Create a large file (dd if=/dev/zero .....) on the remote system. This will be your filesystem.
-On your local box, mount the containing directory using shfs or nbd, so you can see the file you just created.
-Then create a local loopback encrypted device, using cryptsetup or dm-crypt on the file, and create a filesystem on it.
-Mount the loopback device on the local system.

The advantage to this is that all the mounting and unmounting is done on the local machine. There's no sending of passwords across the network. As far as the remote machine is concerned, you'd just be reading and writing random data to a particular file.

As I said, I've had a quick test (between my local machine and an OpenWRT box with a USB stick mounted), and it seems to work fine. You'd have to be careful about syncing etc., and I don't know how it would respond to lost connections and the like, but it should be okay for backup purposes, cron jobs etc. I wouldn't trust it for an 'always connected' filesystem though. At least not without more testing.

Hope this helps.
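
The four steps listed in the post above, written out as a script. This is an added example, not part of the original post or thread. It assumes sshfs for the mount step and LUKS via cryptsetup; the host, paths and mapping name are constructed placeholders, and with DRY_RUN left at 1 it only prints the commands.

```shell
#!/bin/sh
# Added example. Constructed names: RHOST, RDIR, MNT, MAPPER, PLAIN, SIZE_MB.
RHOST="backup@remote.example"   # hypothetical SSH login on the remote box
RDIR="/srv/store"               # hypothetical directory on the remote box
MNT="/mnt/remote-raw"           # local mount point for the remote directory
IMG="$MNT/vault.img"            # container file; the remote stores only ciphertext
MAPPER="vault"                  # dm-crypt mapping name
PLAIN="/mnt/vault"              # where the decrypted filesystem is mounted
SIZE_MB=1024
DRY_RUN="${DRY_RUN:-1}"         # 1 = only print the commands, 0 = execute them

run() {  # echo the command; execute it only when DRY_RUN=0 and keep its status
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# One-time setup. Each step runs only if the previous one succeeded.
# The passphrase is typed on the local machine and never sent to the remote;
# cryptsetup attaches the loop device for the container file itself.
create_vault() {
    run ssh "$RHOST" dd if=/dev/zero of="$RDIR/vault.img" bs=1M count="$SIZE_MB" &&
    run sshfs "$RHOST:$RDIR" "$MNT" &&
    run cryptsetup luksFormat "$IMG" &&
    run cryptsetup open "$IMG" "$MAPPER" &&
    run mkfs.ext4 "/dev/mapper/$MAPPER" &&
    run cryptsetup close "$MAPPER" &&
    run fusermount -u "$MNT"
}

open_vault() {  # SSH authenticates and encrypts the transport; LUKS protects the data
    run sshfs "$RHOST:$RDIR" "$MNT" &&
    run cryptsetup open "$IMG" "$MAPPER" &&
    run mount "/dev/mapper/$MAPPER" "$PLAIN"
}

close_vault() {  # flush first, then tear down in reverse order of open_vault
    run sync &&
    run umount "$PLAIN" &&
    run cryptsetup close "$MAPPER" &&
    run fusermount -u "$MNT"
}

case "${1:-}" in
    create) create_vault ;;
    open)   open_vault ;;
    close)  close_vault ;;
    *)      echo "usage: DRY_RUN=0 $0 create|open|close (run as root)" ;;
esac
```

Because every step is chained with `&&`, a dropped connection during `open` or `close` stops the sequence at the failing command instead of continuing against a half-mounted container.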
 
Old 06-20-2008, 04:22 PM   #3
nedlud
LQ Newbie
 
Registered: Oct 2004
Posts: 12

Original Poster
Rep: Reputation: 0
beadyallen wrote:
How about having an encrypted loopback file on the remote host and mounting it locally.
My idea (which works in theory but isn't well tested) is:
-Create a large file (dd if=/dev/zero .....) on the remote system. This will be your filesystem.
-On your local box, mount the containing directory using shfs or nbd, so you can see the file you just created.
-Then create a local loopback encrypted device, using cryptsetup or dm-crypt on the file, and create a filesystem on it.
-Mount the loopback device on the local system.

Hello, and thanks for the reply.

That's just what I had in mind - I haven't tried it yet, but reading around suggests that should work. I sort of feel that a partition via nbd would be better than a container file accessed by sshfs, but can't really justify that beyond saying something like "simpler, fewer steps, more direct".


What I can't figure out is how I can make sure that only I can access the remote nbd. What is to stop anyone doing:

nbd-client <remoteserver-WAN-IP> 1077 /dev/nd0

at which point they might not be able to read my data, but could certainly do some damage...
mke2fs /dev/nd0
or
mount -t ext2 /dev/nd0 /mnt/remote; dd if=/dev/zero of=/mnt/remote bs=1024 count=16000

I suppose it's a matter of "access control", and / or "authentication". Could someone point me in the right direction?
 
  

