0

I would like to do something really paranoid but I am not sure it could be done at least easily... Let's see if I can explain properly:

I have a server running Debian (could be changed to any other dist but Debian is the one I feel more comfortable with). I would like to have an encrypted disk, a file mounted as a FS or whatever, that doesn't matter.

This server will be connected to remotely only through secured connections, scp or sftp. I would like to set the home to this encrypted disk, and I would like to allow only those logged in through the ssh/sftp system to see the encrypted files. Those files will be transferred to the user's computer via ssh so they will remain encrypted.

I don't mind if a two-step authentication has to be done, one for the ssh and another for the encryption, but I need it to be private and secure. As you can imagine, the idea of this is having a company remote repository on a hosted server. This data is pretty sensitive so we want to be paranoid.

Any idea? Am I looking in the wrong direction?

As usual I really appreciate your support.

zordor

1 Answer

1

SSHFS to a machine running with encrypted home directories would fit this bill.

  • But what kind of encryption is needed for the home directories? Mmh... I will try, thanks for the hint :) – zordor Jun 07 '12 at 06:26
  • http://www.debianadmin.com/filesystem-encryption-tools-for-linux.html - any will do. A lot of the newer distributions are asking whether or not you want to encrypt your home directory. Thusly if your file store is encrypted and your tunnel is encrypted and you're mounting an encrypted file (like TrueCrypt) through these layers of encryption, things should be fine. – jfalcon aka Don Fanning Jun 07 '12 at 06:35
  • That's true, it was easier than I thought. I think I was being too paranoid. My main concern is someone physically controlling the computer or stealing the HD, but with this it should be good enough. Thanks again! – zordor Jun 07 '12 at 06:40
  • But the root user would be able to get into this folder. I would like to make it accessible only through a password, despite the user privileges – zordor Jun 07 '12 at 07:30
  • Hence the TrueCrypt folder, which is encrypted. At any given time there will always be one layer of encryption involved. – jfalcon aka Don Fanning Jun 07 '12 at 14:13
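
A check for the layered setup discussed in the answer and its comments, added here as an example (it is not code from the thread): given a mount table in `/proc/mounts` format, it reports whether a path sits on an eCryptfs home, an SSHFS mount, a device-mapper volume, or a plain filesystem. The sample table, host name, user and paths are constructed, and the function names are hypothetical; a `device-mapper` result still has to be confirmed as dm-crypt (rather than LVM) with `lsblk` or `dmsetup`.

```sh
#!/bin/sh
# Added example: report which storage layer backs a path, from a mount
# table in /proc/mounts format (fields: device mountpoint fstype options).

# Constructed sample table; host, user and paths are made up.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev 0 0
/dev/mapper/repo_crypt /srv/repo ext4 rw,relatime 0 0
alice@repo.example:/home/alice /mnt/repo fuse.sshfs rw,nosuid,nodev 0 0'

# backing_mount PATH [MOUNTS_TEXT] -> prints "mountpoint fstype device"
# for the deepest mount point containing PATH (later entries win ties,
# since a later mount shadows an earlier one on the same directory).
backing_mount() {
    printf '%s\n' "${2-$(cat /proc/mounts)}" | awk -v p="$1" '
        NF >= 3 {
            mp = $2
            # Match "/" always, an exact path, or a parent directory;
            # the trailing "/" stops /home/alice matching /home/alicia.
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); out = mp " " $3 " " $1 }
        }
        END { if (out != "") print out }'
}

# classify_layer PATH [MOUNTS_TEXT] -> prints one label for the layer.
classify_layer() {
    line=$(backing_mount "$@")
    [ -n "$line" ] || { echo unknown; return 1; }
    fstype=${line#* }; fstype=${fstype%% *}   # middle field
    dev=${line##* }                           # last field
    case "$fstype" in
        ecryptfs)   echo encrypted-ecryptfs ;;  # encrypted home directory
        fuse.sshfs) echo remote-sshfs ;;        # client-side SSHFS mount
        *)
            case "$dev" in
                # Could be dm-crypt or plain LVM: confirm with lsblk or dmsetup.
                /dev/mapper/*) echo device-mapper ;;
                *)             echo plain ;;
            esac ;;
    esac
}
```

Called with only a path, `classify_layer` reads the live `/proc/mounts`; mount points containing spaces (escaped as `\040` there) are not handled.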