
I have a gluster file system on top of two zfs RAIDs, and I'm looking to set up filesharing with the following requirements:

1) Data security. Data at rest is taken care of, but I need to make sure any communications between clients and server is encrypted.

2) An easily accessible mount point so that they can access their files locally, and make manual additions / deletions on demand. Preferably something that isn't a glaringly obvious attack surface like a webserver, and which is easily accessible without much configuration from the end user (e.g., running a script creates a mapped directory share on the user's desktop).

3) A sync service for something like nightly / weekly backups.

For 1) I like the idea of running all protocols over SSH with 2FA authentication using password protected RSA keys. I've been considering giving my end users passwd protected LUKS thumb drives containing the appropriate RSA keys and having some automated scripting to make the mounts and file transfers.

For 2) I'm concerned that I will run into layer 8 problems with SSH, since most of my end users are not very tech savvy. Also there will potentially be several different flavors of Linux, Mac, and Windows OS on the network. So I'm not entirely sure there is a generalizable way I can script the SSH connections and SMB mounts across these different platforms. For Linux and Mac, it seems relatively straightforward using bash and ssh, maybe even sshfs (a part of FUSE), but for Windows it seems like it will require substantial input from the end user to configure PuTTY. I was thinking a docker app might fill the need here, as I could run a bash shell w/ the needed software packages on the docker, mount the file server share to the docker, then share the docker files with the host. I'm still not clear how this could be implemented, or if there are better solutions available which fulfill my needs across platforms.

For 3), I was thinking rsync over ssh, or maybe even tar.gz the user's home directory, remove last night's backup, and scp the new backup to the file server. But again this runs into the same issues as with (2). Plus I think the scp option would be very time and I/O intensive, so maybe rsync is the only viable option here.

EDIT:

Also, I should note, that I do have a VPN router as well. So I could have them pass through the router and then mount everything without tunneling through SSH as the connection would already be encrypted. Only problem is that the throughput on the VPN router stinks, at least from my initial testing. Plus the one I have only allows 5 simultaneous key based connections, which will likely cause access issues for my end users.
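As an added example (not from the question or any of its comments), the following POSIX shell script shows how requirement 3 can be combined with requirement 1: nightly rsync over a hardened SSH transport with a pinned host key, using `--link-dest` snapshots so that each night only changed files are transferred and stored, plus the server-side `authorized_keys` entry that confines the backup key to rsync against one directory (`rrsync`, the restricted-rsync wrapper shipped in rsync's support/ directory, combined with OpenSSH's `restrict` option). The hostname, user, key and remote path are placeholders; `prune_snapshots` is meant to run on the server from cron.

```shell
#!/bin/sh
# Added example: nightly home-directory backup over SSH with rsync snapshots.
# All names below (host, user, key file, remote root) are placeholders.
set -eu

BACKUP_HOST="${BACKUP_HOST:-fileserver.example.internal}"      # placeholder hostname
BACKUP_USER="${BACKUP_USER:-backup}"                           # dedicated unprivileged account on the server
HOME_DIR="${HOME:-/tmp}"
KEY_FILE="${KEY_FILE:-$HOME_DIR/.ssh/backup_key}"              # passphrase-protected key, unlocked via ssh-agent
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME_DIR/.ssh/backup_known_hosts}" # file holding only the pinned server host key
REMOTE_ROOT="${REMOTE_ROOT:-/srv/backups/${USER:-$(id -un)}}" # placeholder remote path

# Hardened SSH transport: host key must match the pinned one (no TOFU prompt),
# only the named key is offered, no agent forwarding, short connect timeout.
ssh_transport() {
    printf 'ssh -i %s -o UserKnownHostsFile=%s -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes -o ForwardAgent=no -o ConnectTimeout=15' \
        "$KEY_FILE" "$KNOWN_HOSTS"
}

# Tonight's snapshot directory name (ISO date sorts chronologically).
snapshot_name() {
    date +%Y-%m-%d
}

# Build the rsync command line. --delete keeps the snapshot faithful to the
# source; --link-dest hard-links files unchanged since the previous snapshot
# (relative path is resolved against the destination directory); the excludes
# keep SSH keys and caches out of the backup set.
build_rsync_cmd() {
    src="$1"; snap="$2"; prev="$3"
    cmd="rsync -a --delete --exclude .ssh --exclude .cache"
    [ -n "$prev" ] && cmd="$cmd --link-dest=../$prev"
    cmd="$cmd -e \"$(ssh_transport)\" \"$src/\" \"$BACKUP_USER@$BACKUP_HOST:$REMOTE_ROOT/$snap/\""
    printf '%s' "$cmd"
}

# Server-side authorized_keys line: the key may only run rrsync against the
# given directory, and 'restrict' disables forwarding, pty and X11 (OpenSSH 7.2+).
authorized_keys_entry() {
    pubkey="$1"; dir="$2"
    printf 'command="rrsync %s",restrict %s\n' "$dir" "$pubkey"
}

# Server-side retention: delete all but the newest $keep dated snapshots.
prune_snapshots() {
    dir="$1"; keep="$2"
    total=$(ls -1 "$dir" | grep -cE '^[0-9]{4}-[0-9]{2}-[0-9]{2}$' || true)
    [ "$total" -gt "$keep" ] || return 0
    ls -1 "$dir" | grep -E '^[0-9]{4}-[0-9]{2}-[0-9]{2}$' | sort \
        | head -n $((total - keep)) | while read -r old; do
        rm -rf "$dir/$old"
    done
}

# Client-side nightly run: previous snapshot name is remembered locally.
run_backup() {
    state="$HOME_DIR/.backup_last_snapshot"
    prev=""
    [ -f "$state" ] && prev="$(cat "$state")"
    snap="$(snapshot_name)"
    eval "$(build_rsync_cmd "$HOME_DIR" "$snap" "$prev")"
    printf '%s\n' "$snap" > "$state"
}

case "${1:-}" in
    run)   run_backup ;;
    prune) prune_snapshots "${2:-$REMOTE_ROOT}" "${3:-7}" ;;
    key)   authorized_keys_entry "$(cat "${2:-$KEY_FILE.pub}")" "${3:-$REMOTE_ROOT}" ;;
esac
```

Usage: `backup.sh key` prints the line to paste into the server account's `authorized_keys`; `backup.sh run` performs the nightly snapshot from the client; `backup.sh prune /srv/backups/alice 7` on the server keeps the last seven snapshots. Because the forced command limits the key to rrsync on one directory, a stolen client key cannot be used for an interactive shell or to read other users' backups, which is the main exposure in the "RSA keys on thumb drives" plan.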

  • What's wrong with something like Nextcloud? – Michael Hampton Mar 08 '17 at 00:16
  • I'll look into it. But overall, I'd like to stay away from web-services as I think they are inherently insecure. It might be easier from the standpoint of the user, but for security reasons it'd probably be a nightmare to try and audit something like this. – kjskjk kjdksjk Mar 08 '17 at 00:25
  • Huh? Inherently insecure? No more so than some custom protocol, and most likely far less so. You probably can't audit a custom protocol at all... – Michael Hampton Mar 08 '17 at 00:26
  • SSH isn't a custom protocol. I don't know any inherent security vulnerabilities within SSH itself or its implementation of AES. Typically the only way to really break it is with bruteforce (which should be next to impossible for a long enough key / password), social engineering or evil maid attacks against physical access to key files. Now a closed source webserver and db that's executing code both server and client-side where access control is only protected by a login screen... eh... I'm not sure I'm really comfortable with that. It's without question an attack surface, – kjskjk kjdksjk Mar 08 '17 at 01:00
  • and with the current focus on using frameworks for rapid application development, there's no guarantee that something won't slip through the cracks, and it's most likely the norm. The safest website is plain-text. – kjskjk kjdksjk Mar 08 '17 at 01:00
  • At some point, you have to actually get some work done. – Michael Hampton Mar 08 '17 at 01:05
  • I don't disagree necessarily. I just think that there are case by case issues which sometimes preclude using higher-level dev frameworks. Sure, I'm positive it's a great server loaded with features, but the big issue on my end, first and foremost, is data security. It would be easy for me to make a hole, but the data is too sensitive to take that risk. – kjskjk kjdksjk Mar 08 '17 at 01:14

0 Answers