1

Sorry for my ignorance, I am having a peculiar doubt in setting up an SFTP server:

  1. Set up an SFTP server with password/keyfile for authentication.
  2. The SFTP user directory should be encrypted at rest.
  3. The SFTP client should be able to access and view the encrypted files, but other users should not be able to view them.

I have set up the SFTP server, but I am unable to figure out the solution for points 2 and 3, as I cannot format the system to create an encrypted file system.

Is there any open source tool for this problem? Or is my approach terribly wrong?

Bidyut

1 Answer

3

You could do this by creating a LUKS container in a file and mounting it as the home of the sftp user e.g.

# Create a 1G file to work with
dd if=/dev/zero of=/path/to/container bs=1M count=1024

# Make it a LUKS container and open it for use
cryptsetup -y luksFormat /path/to/container
cryptsetup luksOpen /path/to/container sftpvolume

# Format it for use
mkfs.ext4 -j /dev/mapper/sftpvolume

You can now mount it as the sftp home directory

mount /dev/mapper/sftpvolume /home/sftpuser

To mount at startup you will need to create a suitable entry in /etc/crypttab (see crypttab(5) for details) and an entry in /etc/fstab (see fstab(5) for details).

Normal filesystem permissions should be sufficient to meet your other requirements.

user9517
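
A check for the setup this answer describes, added here as an example (not the answerer's code): it confirms that the crypttab and fstab entries agree, that the mounted home is closed to group and other, and that any key file named in crypttab is not readable by other users. The mapping name and paths follow the answer; the function names and sample entries are constructed, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the answer): audit the LUKS-backed SFTP home.
# Assumed names: mapping "sftpvolume" and the paths used in the answer.

# 0 if FILE ($2) has an active crypttab entry whose first field is NAME ($1).
crypttab_has() {
    awk -v n="$1" '$1 == n { ok = 1 } END { exit !ok }' "$2"
}

# Prints the key-file field (third column) of NAME's crypttab entry.
crypttab_key() {
    awk -v n="$1" '$1 == n { print $3 }' "$2"
}

# 0 if FILE ($3) mounts /dev/mapper/NAME ($1) on MOUNTPOINT ($2).
fstab_mounts() {
    awk -v d="/dev/mapper/$1" -v m="$2" \
        '$1 == d && $2 == m { ok = 1 } END { exit !ok }' "$3"
}

# 0 if group and other have no permission bits on PATH ($1).
is_private() {
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# audit NAME MOUNTPOINT CRYPTTAB FSTAB: prints findings, returns their count.
audit() {
    fails=0
    crypttab_has "$1" "$3" || { echo "no crypttab entry for $1"; fails=$((fails + 1)); }
    fstab_mounts "$1" "$2" "$4" || { echo "fstab does not mount $1 on $2"; fails=$((fails + 1)); }
    is_private "$2" || { echo "$2 is open to group/other"; fails=$((fails + 1)); }
    key=$(crypttab_key "$1" "$3")
    case "$key" in
        ""|none|-) ;;   # passphrase prompt at boot: no key file on disk to check
        *) is_private "$key" || { echo "key file $key is readable by others"; fails=$((fails + 1)); } ;;
    esac
    return "$fails"
}

# Constructed sample: a scratch directory stands in for /etc and /home/sftpuser.
demo() {
    d=$(mktemp -d) && mkdir -m 700 "$d/home"
    echo "sftpvolume /path/to/container none luks" > "$d/crypttab"
    echo "/dev/mapper/sftpvolume $d/home ext4 defaults 0 2" > "$d/fstab"
    audit sftpvolume "$d/home" "$d/crypttab" "$d/fstab"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo && echo "audit passed"
```

On a real host the call would be `audit sftpvolume /home/sftpuser /etc/crypttab /etc/fstab`, run as root so the key file can be inspected.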