OpenSSH

Re: mirroring a loop device across an ssh connection

To: Jason <openssh@lakedaemon.net>
Subject: Re: mirroring a loop device across an ssh connection
From: Jim Knoble <jmknoble@pobox.com>
Date: Fri, 1 Dec 2006 20:37:41 -0500
Cc: openssh-unix-dev@mindrot.org
In-reply-to: <457067FF.8050201@lakedaemon.net>
List-archive: <http://lists.mindrot.org/pipermail/openssh-unix-dev>
List-id: Development of portable OpenSSH <openssh-unix-dev.mindrot.org>
Mail-followup-to: Jason <openssh@lakedaemon.net>, openssh-unix-dev@mindrot.org
References: <457067FF.8050201@lakedaemon.net>
Sender: openssh-unix-dev-bounces+openssh-unix-dev-list1=securepoint.com@mindrot.org
User-agent: Mutt/1.4.1i

Circa 2006-12-01 12:35 dixit Jason:

: all,
: 
: I've been looking into a secure way of accessing a remote loopback 
: encrypted partition securely via openssh.
: 
: The basic idea I have currently is that a file/partition is connected to 
: /dev/loop0 on a remote server, which I have an ssh connection to.  I 
: hold the key (for cryptsetup via dm_crypt) on the local client.  I'd 
: like to mirror the loop device of the server on the client.  Once that 
: is done, I would run cryptsetup with the key on the client and mount as 
: normal.

This sounds like you'll need unix domain sockets.  The following may be
of help:

    http://bugzilla.mindrot.org/show_bug.cgi?id=1256

: The end application would be for remote secure backup (rsync?) of a 
: second encrypted volume on the client.  It is assumed that the remote 
: server is untrusted, hence, not running cryptsetup/dm_crypt on the server.
: 
: So far, I've looked at Rex/sfs [1], pseudo-tty programming, and a little 
: of unix domain sockets.  I'm more familiar with network socket 
: programming, though.  My main holdup right now is my lack of familiarity 
: with openssh internals.  If someone could point to the right section of 
: the src tree, perhaps with a nudge towards how to do this securely, it 
: would be greatly appreciated.

-- 
jim knoble  |  jmknoble@pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG key ID: 6F39C2CC  >>>>>>  http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 5024:D578:7CF4:5660:7269::F6F3:B919:9307:6F39:C2CC)
+----------------------------------------------------------------------+
|[L]iberty, as we all know, cannot flourish in a country that is perma-|
| nently on a war footing, or even a near-war footing.  --Aldous Huxley|
+----------------------------------------------------------------------+