I wonder if it is possible to set up an encrypted "file container" on a CentOS VPS? I am the root user of the VPS but the hosting company also has access to the VPS and thus all files. Is it possible to create a LUKS-container on the VPS and those files only be accessible by me? IOW, most of the file system on the VPS would be regular file system but the container could be used by me as needed. This would allow the VPS to reboot normally, I could ssh in normally etc etc. I would rsync files as needed to this LUKS-container though.
----- On Feb 16, 2020, at 5:18 PM, H agents at meddatainc.com wrote:

> I wonder if it is possible to set up an encrypted "file container" on a CentOS
> VPS?

Yes. You can create a LUKS-container on a CentOS VPS.

> I am the root user of the VPS but the hosting company also has access to
> the VPS and thus all files. Is it possible to create a LUKS-container on the
> VPS and those files only be accessible by me? IOW, most of the file system on
> the VPS would be regular file system but the container could be used by me as
> needed. This would allow the VPS to reboot normally, I could ssh in normally
> etc etc. I would rsync files as needed to this LUKS-container though.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
On 16.02.20 at 16:46, Subscriber wrote:

> ----- On Feb 16, 2020, at 5:18 PM, H agents at meddatainc.com wrote:
>
>> I wonder if it is possible to set up an encrypted "file container" on a CentOS
>> VPS?
>
> Yes. You can create LUKS-container on CentOS VPS.
>
>> I am the root user of the VPS but the hosting company also has access to
>> the VPS and thus all files. Is it possible to create a LUKS-container on the
>> VPS and those files only be accessible by me? IOW, most of the file system on
>> the VPS would be regular file system but the container could be used by me as
>> needed. This would allow the VPS to reboot normally, I could ssh in normally
>> etc etc. I would rsync files as needed to this LUKS-container though.

The threat does not change while using an open "LUKS-container". So, this does not address your threat model. Something that is only "open" on the client side will be more appropriate ... what is your usage scenario?

--
Leon
On 16.02.2020 at 16:18, H wrote:

> I wonder if it is possible to set up an encrypted "file container" on a CentOS VPS? I am the root user of the VPS but the hosting company also has access to the VPS and thus all files. Is it possible to create a LUKS-container on the VPS and those files only be accessible by me? IOW, most of the file system on the VPS would be regular file system but the container could be used by me as needed. This would allow the VPS to reboot normally, I could ssh in normally etc etc. I would rsync files as needed to this LUKS-container though.

Sounds like you want a transparent client-side encryption solution. For instance

https://cryptomator.org/
https://github.com/cryptomator/cryptomator

Alexander
On February 16, 2020 12:13:59 PM EST, Alexander Dalloz <ad+lists at uni-x.org> wrote:

> Am 16.02.2020 um 16:18 schrieb H:
>> I wonder if it is possible to set up an encrypted "file container" on
>> a CentOS VPS? I am the root user of the VPS but the hosting company
>> also has access to the VPS and thus all files. Is it possible to create
>> a LUKS-container on the VPS and those files only be accessible by me?
>> IOW, most of the file system on the VPS would be regular file system
>> but the container could be used by me as needed. This would allow the
>> VPS to reboot normally, I could ssh in normally etc etc. I would rsync
>> files as needed to this LUKS-container though.
>
> Sounds like you want a transparent client-side encryption solution. For
> instance
>
> https://cryptomator.org/
> https://github.com/cryptomator/cryptomator
>
> Alexander

Interesting. I looked at the website and it talks about working with various cloud solutions but does not explicitly mention a VPS. Is anyone on this list using it?
On 16/02/2020 15:18, H wrote:

> I wonder if it is possible to set up an encrypted "file container" on a CentOS VPS? I am the root user of the VPS but the hosting company also has access to the VPS and thus all files. Is it possible to create a LUKS-container on the VPS and those files only be accessible by me? IOW, most of the file system on the VPS would be regular file system but the container could be used by me as needed. This would allow the VPS to reboot normally, I could ssh in normally etc etc. I would rsync files as needed to this LUKS-container though.

How about a loop way? It would be a file which you can luks-encrypt, decrypt, u/mount on demand, keep a small filesystem on it.
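The loop-file approach suggested above, as an added example that is not part of the original thread: a LUKS container kept in an ordinary file, opened and mounted only when needed. The path, mapper name, mount point and size are assumptions, and with DRY_RUN=1 (the default) the commands are only printed; as noted earlier in the thread, while the container is open anyone with root on the VPS can read the mounted files.

```shell
#!/bin/sh
# Added example: lifecycle of a file-backed LUKS container.
# CONTAINER, MAPPER, MOUNTPOINT and SIZE are assumed names/values.
CONTAINER="${CONTAINER:-/root/vault.img}"
MAPPER="${MAPPER:-vault}"
MOUNTPOINT="${MOUNTPOINT:-/mnt/vault}"
SIZE="${SIZE:-1G}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute (needs root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One-time setup: allocate the file, format it as LUKS, put ext4 inside.
vault_create() {
    if [ -e "$CONTAINER" ]; then
        echo "refusing to overwrite $CONTAINER" >&2
        return 1
    fi
    run fallocate -l "$SIZE" "$CONTAINER"
    run chmod 600 "$CONTAINER"
    run cryptsetup luksFormat "$CONTAINER"        # prompts for a passphrase
    run cryptsetup open "$CONTAINER" "$MAPPER"    # loop device is set up automatically
    run mkfs.ext4 -q "/dev/mapper/$MAPPER"
    run cryptsetup close "$MAPPER"
}

# Unlock and mount: from here on the plaintext is visible on the VPS.
vault_open() {
    run cryptsetup open "$CONTAINER" "$MAPPER"
    run mkdir -p "$MOUNTPOINT"
    run mount "/dev/mapper/$MAPPER" "$MOUNTPOINT"
}

# Unmount and lock again: only ciphertext remains in the container file.
vault_close() {
    run umount "$MOUNTPOINT"
    run cryptsetup close "$MAPPER"
}

# Report whether the mapping exists, i.e. whether plaintext is exposed.
vault_state() {
    if [ -e "/dev/mapper/$MAPPER" ]; then echo open; else echo closed; fi
}
```

Run `vault_state` after every session; a container left open across an rsync run stays readable until `vault_close` is called.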
On 02/17/2020 05:03 AM, lejeczek via CentOS wrote:

> On 16/02/2020 15:18, H wrote:
>> I wonder if it is possible to set up an encrypted "file container" on a CentOS VPS? I am the root user of the VPS but the hosting company also has access to the VPS and thus all files. Is it possible to create a LUKS-container on the VPS and those files only be accessible by me? IOW, most of the file system on the VPS would be regular file system but the container could be used by me as needed. This would allow the VPS to reboot normally, I could ssh in normally etc etc. I would rsync files as needed to this LUKS-container though.
>
> How about a loop way? It would be a file which you can luks-encrypt,
> decrypt, u/mount on demand, keep a small filesystem on it.

What is a "loop way"? I googled it together with Linux and file and did not find anything. Is this simply like a separate file that is LUKS-encrypted and I would then mount it for remote access? If so, what would prevent the hosting company - which I presume is the root user - from also accessing it?