[Gllug] Remote encrypted unattended file server

Shevek gllug at anarres.org
Thu Jun 19 01:49:57 UTC 2008

On Thu, 2008-06-19 at 00:57 +0100, Simon Firth wrote:
> Hello all -
> I'd like to setup a system at a remote site (a friend's house) for file
> storage / backup. Naturally (imo) I'd like my data to be encrypted. My
> friend will not be able to provide any technical assistance whatsoever.

> As to the other requirements - encryption on the HD and on the wire, I'm
> thinking nbd may be the answer. So far though, I haven't been able to
> figure out how I would "authenticate" - I think that's the correct term
> - how I would ensure that only I would have access to the nbd.

If you run dm-crypt over nbd, there is no requirement to have any crypto
on the remote system at all; further, there is no requirement to have an
extra wire-encryption layer. The data never exists unencrypted outside
your source system.

Whether this is a safe application of the cryptographic protocol is an
exercise for the interested reader. I suspect in any case it will
probably be harder for the (presumably ... no, let's not presume) than a
rubber hose attack on your friend.


Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list