cryptmount 5.2.2-1+b1 / usr / share / doc / cryptmount / README.sshfs

This file is indexed.

/usr/share/doc/cryptmount/README.sshfs is in cryptmount 5.2.2-1+b1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
Encrypted filesystem on a remote host using "cryptmount"

(A) Assumptions

  * Remote machine is called "rmach"
  * User login on the local machine is "luser"
  * User login on the remote machine is "ruser"
  * No firewall (otherwise an error "read: connection reset by peer"
    can occur).
  * SSH public key of user "luser" is present in
      ~ruser/.ssh/authorized_keys
    on "rmach"
  * User "luser" is a member of the "fuse" group, to allow reading of
      /etc/fuse.conf
  * Option
      user_allow_other
    is enabled in
      /etc/fuse.conf


(B) Preparing a "virtual device" (operations to be performed once)

  The following must be performed as the ordinary user on the
  local machine.

    1. Mount the remote home on the local machine:
         $ mkdir -p mnt/remote
         $ sshfs ruser@rmach: mnt/remote

    2. Create a 100 GB (sparse) file that will contain the filesystem:
         $ cd mnt/remote
         $ truncate -s 100G virtual_disk.img

    3. Release the mount point:
         $ cd
         $ fusermount -u mnt/remote

    4. Define a mount point whose contents will be stored encrypted, e.g.
         $ mkdir enc_remote


  The following must be performed as "root" on the local machine.

    5. Create an entry in "/etc/cryptmount/cmtab"

       luser_data {
         dev=/home/luser/mnt/remote/virtual_disk.img
         dir=/home/luser/enc_remote
         loop=auto
         fstype=ext4     mountoptions=defaults
         cipher=aes-cbc-plain
         keyformat=luks
       }

    6. Mount the remote filesystem:
        # cd ~luser
        # sshfs -o IdentityFile=~luser/.ssh/id_rsa ruser@rmach: mnt/remote

    7. Prepare the encrypted device (setting the password to access the
       encrypted filesystem data):
        # cryptmount --prepare luser_data

    8. Create the filesystem (must be same as defined in the "cmtab" entry)
        # mkfs.ext4 /dev/mapper/luser_data
        # chown luser.luser 

    9. Finalize:
        # cryptmount --release luser_data

   10. Mount encrypted filesystem in order to set appropriate ownership:
        # cryptmount luser_data
        # chown luser.luser /home/luser/enc_remote
   
   11. Release all resources:     
        # cryptmount -u luser_data
        # fusermount -u mnt/remote


(C) Saving data to the remote encrypted filesystem

  1. Mounting the remote home (as an ordinary user):
      $ sshfs -o allow_root ruser@rmach: mnt/remote

  2. Mounting the encrypted filesystem (password will be requested):
      $ cryptmount luser_data

  3. Checking the available space on the encrypted filsystem:
      $ df -k enc_remote

APT Browse - Built by Thomas Orozco.