[CentOS] Encrypted container on CentOS VPS

Mon Feb 24 09:51:23 UTC 2020
lejeczek <peljasz at yahoo.co.uk>


On 23/02/2020 19:06, H wrote:
> On 02/17/2020 05:03 AM, lejeczek via CentOS wrote:
>> On 16/02/2020 15:18, H wrote:
>>> I wonder if it is possible to set up an encrypted "file container" on a CentOS VPS? I am the root user of the VPS but the hosting company also has access to the VPS and thus all files. Is it possible to create a LUKS-container on the VPS and those files only be accessible by me? IOW, most of the file system on the VPS would be regular file system but the container could be used by me as needed. This would allow the VPS to reboot normally, I could ssh in normally etc etc. I would rsync files as needed to this LUKS-container though.
>>>
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>> How about a loop way? It would be a file which you can luks-encrypt,
>> decrypt, u/mount on demand, keep a small filesystem on it.
>>
> What is a "loop way"? I googled it together with Linux and file and did not find anything. Is this simply like a separate file that is LUKS-encrypted and I would then mount it for remote access? If so, what would prevent the hosting company - which I presume is the root user - from also accessing it?
That's that precisely, very easy.
a) use dd to create a file, e.g.: dd if=/dev/zero of=gor.loop bs=1M count=2000
b) luks encrypt it: cryptsetup luksFormat gor.loop
c) dev mapper mount it: cryptsetup luksOpen gor.loop luks-gor.loop
d) fs it: mkfs.ext4 /dev/mapper/luks-gor.loop
e) mount it: mount /dev/mapper/luks-gor.loop $PWD/gor.rootfs.encrypted
f) use it (to simplify I'd put cryptOpen + mount + unmount + luksClose into a script)
g) remember!! still at least (depending how you mount it) the 'root' will have access to that data while mounted, obviously!
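The steps from the reply, wrapped in the kind of script it suggests in f): an added example, not code from the thread or from CentOS. It assumes cryptsetup, util-linux and e2fsprogs are installed on the VPS, is run as root, and keeps the reply's file and mapper names; the status subcommand and the nodev,nosuid mount options are my additions.

```sh
#!/bin/sh
# luksloop.sh: create/open/close a LUKS-encrypted loop-file container (added example,
# not from the thread). Names follow the reply: gor.loop -> /dev/mapper/luks-gor.loop,
# mounted at gor.rootfs.encrypted next to the container file.
set -eu

mapper_name() { printf 'luks-%s\n' "$(basename "$1")"; }       # gor.loop -> luks-gor.loop
mount_point() { printf '%s.rootfs.encrypted\n' "${1%.loop}"; }  # gor.loop -> gor.rootfs.encrypted

# "open" while the device-mapper node exists: from then until close, the plaintext is
# reachable by anyone with root on the VPS (the hosting company included), see step g).
container_state() {
    if [ -e "/dev/mapper/$(mapper_name "$1")" ]; then echo open; else echo closed; fi
}

create_container() {   # steps a), b), d): allocate, luksFormat, put a filesystem on it
    file=$1; size_mib=${2:-2000}; name=$(mapper_name "$file")
    [ ! -e "$file" ] || { echo "refusing to overwrite $file" >&2; return 1; }
    dd if=/dev/zero of="$file" bs=1M count="$size_mib" status=none
    chmod 600 "$file"                       # only ciphertext, but keep the file private anyway
    cryptsetup luksFormat "$file"           # asks for confirmation and a passphrase
    cryptsetup luksOpen "$file" "$name"
    mkfs.ext4 -q "/dev/mapper/$name"
    cryptsetup luksClose "$name"
}

open_container() {     # steps c), e): map the LUKS device and mount it
    file=$1; name=$(mapper_name "$file"); mnt=$(mount_point "$file")
    cryptsetup luksOpen "$file" "$name"
    mkdir -p "$mnt"
    mount -o nodev,nosuid "/dev/mapper/$name" "$mnt"
}

close_container() {    # step f) teardown: unmount, then drop the mapping so the key leaves the kernel
    file=$1; name=$(mapper_name "$file"); mnt=$(mount_point "$file")
    if mountpoint -q "$mnt"; then umount "$mnt"; fi
    cryptsetup luksClose "$name"
}

main() {
    case "${1:-}" in
        create) create_container "${2:?container file required}" "${3:-}" ;;
        open)   open_container   "${2:?container file required}" ;;
        close)  close_container  "${2:?container file required}" ;;
        status) container_state  "${2:?container file required}" ;;
        *) echo "usage: $0 {create|open|close|status} <file> [size-MiB]" >&2; return 2 ;;
    esac
}
# With no arguments only the functions are defined, so the file can also be sourced.
[ "$#" -eq 0 ] || main "$@"
```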