RE: Shared encrypted filesystem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----Original Message-----
From: users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Bill Davidsen
Sent: Tuesday, February 22, 2011 10:38 PM
To: Community support for Fedora users
Subject: Shared encrypted filesystem

Any thoughts on remote mounting a filesystem securely? Clearly I could just export it and count on the encryption in the WiFi and the VPN to protect the data, but that leaves it mounted in clear on the server. I looked at putting the data in a file mounted with cryptoloop on the client, which works, or creating a loop device and then having that be a LUKS device. I haven't tried that last one, but my notes say I did create a local loop/LUKS device for a demo, so I suppose it could happen.

Is there some simple and common additional method I've missed?

The file is "shared" at various locations, but it would work if only one client at a time could access it, writes are rare, even needing access is unusual, but it does happen.

-----Original Message-----

Trusting wifi? No way!
Trusting openvpn / ipsec? No problem, if done properly...
Remote mounting over wifi? You better watch your errorcount continuously.
Copying a file across is one thing, a remote filesystem over an unreliable medium is something else.

But in general, what are you protecting against who? 
Storage encryption and network encryption are two completely different fields.
A LUKS-device is only protected as long as it is Unmounted, after mounting it is just another mount-point.

Instead of a file, you might consider exporting an (encrypted) logical volume with iscsi, through vpn.

hw

______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux