Home / server / Questions / 904262
Accepted
Pavel Niedoba
Asked: 2018-03-24 09:00:47 +0800 CST

Remote encrypted mount

  • 772

I tried this sshfs without shell access, but I realized I should ask opposite way

I would love to mount remote file system automatically, over encrypted tunnel preferably using private/public keys.

It should not mean any security risk (no ssh login or so), only reading/writing to remote sub-folder (like NFS over openVpn / unlike sshfs)

It should preserve user, groups, permissions

It should be easy to configure (like sshfs / unlike NFS overVpn)

It should be in standard repositories (linux)

It should reconnect if connection drops (or ip change)

Is there such thing or am I asking too much ?

backup

1 Answers

  1. Best Answer

    On remote server set up a sftp-only non-root account with these contents of sshd_config:

    Match User pavel
ForceCommand internal-sftp
# Don't add more lines below, they will be inside a Match block.

    On local system install and configure sshfs. Use -o reconnect,ServerAliveInterval=5,ServerAliveCountMax=3 like I describe in another answer. Optionally install and configure autofs, which will provide automatic mount/umount.

    No ssh access: check.

    Only reading/writing to remote sub-folder: check.

    Preserve user, groups: only in a very limited manner (exactly like sftp command).

    Preserve permissions: check (but google sftp umask)

    Easy to configure (like sshfs): check.

    It should be in standard Linux repositories: check.

    It should reconnect if connection drops (or ip changes): check.

    If you get it to work, you could also play with adding ChrootDirectory /only/this/path to sshd_config for increased security.

    • 4