/usr/share/doc/cryptmount/README.sshfs is in cryptmount 5.2.2-1+b1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 | Encrypted filesystem on a remote host using "cryptmount"
(A) Assumptions
* Remote machine is called "rmach"
* User login on the local machine is "luser"
* User login on the remote machine is "ruser"
* No firewall (otherwise an error "read: connection reset by peer"
can occur).
* SSH public key of user "luser" is present in
~ruser/.ssh/authorized_keys
on "rmach"
* User "luser" is a member of the "fuse" group, to allow reading of
/etc/fuse.conf
* Option
user_allow_other
is enabled in
/etc/fuse.conf
(B) Preparing a "virtual device" (operations to be performed once)
The following must be performed as the ordinary user on the
local machine.
1. Mount the remote home on the local machine:
$ mkdir -p mnt/remote
$ sshfs ruser@rmach: mnt/remote
2. Create a 100 GB (sparse) file that will contain the filesystem:
$ cd mnt/remote
$ truncate -s 100G virtual_disk.img
3. Release the mount point:
$ cd
$ fusermount -u mnt/remote
4. Define a mount point whose contents will be stored encrypted, e.g.
$ mkdir enc_remote
The following must be performed as "root" on the local machine.
5. Create an entry in "/etc/cryptmount/cmtab"
luser_data {
dev=/home/luser/mnt/remote/virtual_disk.img
dir=/home/luser/enc_remote
loop=auto
fstype=ext4 mountoptions=defaults
cipher=aes-cbc-plain
keyformat=luks
}
6. Mount the remote filesystem:
# cd ~luser
# sshfs -o IdentityFile=~luser/.ssh/id_rsa ruser@rmach: mnt/remote
7. Prepare the encrypted device (setting the password to access the
encrypted filesystem data):
# cryptmount --prepare luser_data
8. Create the filesystem (must be same as defined in the "cmtab" entry)
# mkfs.ext4 /dev/mapper/luser_data
# chown luser.luser
9. Finalize:
# cryptmount --release luser_data
10. Mount encrypted filesystem in order to set appropriate ownership:
# cryptmount luser_data
# chown luser.luser /home/luser/enc_remote
11. Release all resources:
# cryptmount -u luser_data
# fusermount -u mnt/remote
(C) Saving data to the remote encrypted filesystem
1. Mounting the remote home (as an ordinary user):
$ sshfs -o allow_root ruser@rmach: mnt/remote
2. Mounting the encrypted filesystem (password will be requested):
$ cryptmount luser_data
3. Checking the available space on the encrypted filsystem:
$ df -k enc_remote
|