mirroring a loop device across an ssh connection

To: openssh-unix-dev@mindrot.org
Subject: mirroring a loop device across an ssh connection
From: Jason <openssh@lakedaemon.net>
Date: Fri, 01 Dec 2006 12:35:59 -0500
all,

I've been looking into a secure way of accessing a remote loopback 
encrypted partition securely via openssh.

The basic idea I have currently is that a file/partition is connected to 
/dev/loop0 on a remote server, which I have an ssh connection to.  I 
hold the key (for cryptsetup via dm_crypt) on the local client.  I'd 
like to mirror the loop device of the server on the client.  Once that 
is done, I would run cryptsetup with the key on the client and mount as 
normal.

The end application would be for remote secure backup (rsync?) of a 
second encrypted volume on the client.  It is assumed that the remote 
server is untrusted, hence, not running cryptsetup/dm_crypt on the server.

So far, I've looked at Rex/sfs [1], pseudo-tty programming, and a little 
of unix domain sockets.  I'm more familiar with network socket 
programming, though.  My main holdup right now is my lack of familiarity 
with openssh internals.  If someone could point to the right section of 
the src tree, perhaps with a nudge towards how to do this securely, it 
would be greatly appreciated.

tia,

Jason.


[1] - http://pdos.csail.mit.edu/papers/sfs:rextr03/MIT-LCS-TR-884.pdf