[Gllug] Remote encrypted unattended file server

Simon Firth simonfirth at gmx.net
Wed Jun 18 23:57:58 UTC 2008


Hello all -

I'd like to setup a system at a remote site (a friend's house) for file
storage / backup. Naturally (imo) I'd like my data to be encrypted. My
friend will not be able to provide any technical assistance whatsoever.

At present my desktop machine runs OpenSuse 10.2, with an encrypted
(LUKS) root (and /home) filesystem. I leave it running 24/7, and access
my files when away from home with ssh or sshfs, and I've just started
using FreeNX. Although this is at the limit of my current capability, it
seems to work ok, subject to the highly variable internet speeds I've
experienced.

I thought of setting up a similar system at the remote site, but the
obvious problem is that, in the event of say, a power outage or
brownout, I would have to divulge the passphrase to have the system
booted, over the phone, and as stated there will be no support at all at
the remote site anyway.

So, the requirement is for:
* Remote file server
* Data to be encrypted on the remote HD and on the wire
* Able to boot to operational state on power up


I'm hoping that the unattended, zero on-site support issue can be
addressed (or at least mitigated) by booting / running from CD, using a
UPS or both. I don't have the knowledge to do this yet, but I think I
can see how it could be done. I realise that no unattended system is
ever going to provide 100% uptime, but if I can make it work, I could
always have two!

As to the other requirements - encryption on the HD and on the wire, I'm
thinking nbd may be the answer. So far though, I haven't been able to
figure out how I would "authenticate" - I think that's the correct term
- how I would ensure that only I would have access to the nbd.

I'd be very interested in and appreciative of hearing from others,
regarding any experience they've had with such a setup, or indeed any
thoughts on how it might be achieved, potential pitfalls, or the concept
in general.

I'd also be happy to be told of any misunderstandings demonstrated by
the above, or even that it's all just too ambitious for a newbie like
me. Also welcome, comments on the security model of my current remote
access to my desktop as described above. Thanks in advance...

Simon

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list