Shared encrypted filesystem
Adrian Sevcenco
Adrian.Sevcenco at cern.ch
Tue Feb 22 22:34:52 UTC 2011
On 02/22/2011 11:37 PM, Bill Davidsen wrote:
> Any thoughts on remote mounting a filesystem securely? Clearly I could just
> export it and count on the encryption in the WiFi and the VPN to protect the
> data, but that leaves it mounted in clear on the server. I looked at putting the
> data in a file mounted with cryptoloop on the client, which works, or creating a
> loop device and then having that be a LUKS device. I haven't tried that last
> one, but my notes say I did create a local loop/LUKS device for a demo, so I
> suppose it could happen.
>
> Is there some simple and common additional method I've missed?
tunneling over ssh or some other encrypted tunnel (with openssl) the NFS
or CIFS communication...
the encrypted part is useful only for offline (lack of key) denial of
data reading .. or you could export an encrypted block device thru iscsi
(or nbd) and mount and decrypt on initiator..
HTH,
Adrian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3110 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20110223/93c8bb1d/attachment.bin
More information about the users
mailing list