[CentOS] Encrypted container on CentOS VPS

Mon Feb 24 13:55:01 UTC 2020
Valeri Galtsev <galtsev at kicp.uchicago.edu>


> On Feb 24, 2020, at 3:41 AM, Pete Biggs <pete at biggs.org.uk> wrote:
> 
> 
>> 
>> What is a "loop way"? I googled it together with Linux and file and
>> did not find anything.
> 
> The proper term is "loopback filesystem".
> 

This HOWTO I used some 15+ years ago:

http://www.tldp.org/HOWTO/archived/Loopback-Encrypted-Filesystem-HOWTO/Loopback-Encrypted-Filesystem-HOWTO-3.html

Search (not "google", duckduckgo for me ;-) for "encrypted loopback filesystem howto"...

Valeri

>> Is this simply like a separate file that is LUKS-encrypted and I
>> would then mount it for remote access?
> 
> Yes, it's a filesystem in a file that you mount with '-o loop'.
> 
>> If so, what would prevent the hosting company - which I presume is
>> the root user - from also accessing it?
> 
> You provide the decryption password when you mount it.  Once the
> filesystem is mounted anyone with the appropriate permissions can read
> it.  You can reduce the opportunity of someone accessing it by only
> mounting it when you need it and unmounting it as soon as possible.
> 
> TBH, if you don't trust the root user of a system, then there's not
> much you can do - there are just so many ways a privileged user can get
> access to things, both "legitimately" because of their absolute access
> or "covertly" using trojans and so on that you would never know about.
> If you have legitimate concerns about the hosting company, then find a
> different one. 
> 
> P.

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
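
Added example, not part of the original message or thread: one way to follow the quoted advice to mount the container only when needed and unmount it as soon as possible, by wrapping a single command in unlock/mount and umount/lock steps. The IMG, NAME and MNT defaults and the DRY_RUN switch are hypothetical, and the container file is assumed to have been created earlier with `cryptsetup luksFormat` and a filesystem.

```sh
#!/bin/sh
# Added example: run ONE command against a LUKS container file, then lock it again.
# IMG, NAME and MNT are hypothetical defaults; override them from the environment.
IMG=${IMG:-/srv/vault.img}     # container file (already luksFormat'ed, with a filesystem)
NAME=${NAME:-vault}            # device-mapper name -> /dev/mapper/$NAME
MNT=${MNT:-/mnt/vault}         # existing mount point

# Execute a command, or only print it when DRY_RUN=1 (review the plan without root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Usage: with_vault COMMAND [ARGS...]
# Returns the command's exit status, or non-zero if any setup/teardown step failed.
with_vault() {
    _rc=0
    # cryptsetup attaches the loop device itself and prompts for the passphrase.
    run cryptsetup open --type luks "$IMG" "$NAME" || return 1
    if run mount -o nodev,nosuid "/dev/mapper/$NAME" "$MNT"; then
        # Keep this shell alive on Ctrl-C/TERM so the teardown below still runs.
        trap : INT TERM
        run "$@" || _rc=$?
        trap - INT TERM
        run umount "$MNT" || _rc=1
    else
        _rc=1
    fi
    # Closing drops the key from the kernel; a failure means plaintext is still reachable.
    if ! run cryptsetup close "$NAME"; then
        echo "WARNING: $NAME is still unlocked (busy mount?)" >&2
        _rc=1
    fi
    return "$_rc"
}

# Example (as root):  with_vault rsync -a /home/me/docs/ /mnt/vault/
# Plan only:          DRY_RUN=1 with_vault ls /mnt/vault
```

This only narrows the window in which the plaintext is exposed; as the quoted reply says, anyone with the appropriate permissions can read the filesystem while it is mounted.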