On-line Encrypted Backups for Your Laptop
Building omnifs fails to find FUSE during configure unless I create the link in /usr/local.
To configure the FUSE filesystem, first log in to Omnidrive's Web interface (web.omnidrive.com), and note the API and API-private keys for use in the configuration file. After logging in, the keys are available by clicking the Settings button in the top right of the browser and then the API tab in the center of screen.
By default, the omnifs command runs in the foreground, so it blocks the terminal as long as the FUSE mountpoint is valid. After running the omnifs executable to mount the FUSE filesystem, the remote storage appears just like any filesystem:
$ cd ~/rawfs $ date >| foo.txt $ cat foo.txt Thu Aug 23 17:50:23 EDT 2007 $ ls -l total 0 drwx------ 0 ben ben 0 2007-08-31 03:15 Downloads -rwx------ 0 ben ben 29 2007-08-31 08:50 foo.txt
I found that omnifs occasionally can hang at “DEBUG: OMNI_ReadDir Called” in its log file. Restarting the omnifs executable usually helps get things going again.
Using SSH as the underlying transport for the FUSE filesystem limits usage to Internet connections that do not filter out non-Web traffic.
Given that you can use SSH directly with rsync, you might be wondering why bother with FUSE at all. Using SSH protects the transport of your information to the SSH server. Note that once the files you rsync to the server have been sent, they are not encrypted on the server's filesystem. If you don't have complete faith in the security of the SSH server, using sshfs to provide FUSE access lets you use the same cryptography discussed in the next section to protect your backups on the SSH server. Also, having all of your on-line storage accessible through FUSE lets you quickly change where you are storing an on-line backup without affecting the rest of the system.
In Fedora, sshfs already is packaged and can be installed with yum. Installation from source follows the standard configure path:
# yum install fuse-sshfs
$ ./configure && make; $ su -l # make install
Assuming you are using public keys on the server into which you are ssh-ing, starting to use sshfs is easy. As shown in Listing 1, I first add the server's key to my SSH agent before ssh-ing into the server and creating a directory to use for my on-line storage. I exit the connection and mount the SSH server to ~/rawfs and touch a file in a predictable way. The last command is ssh-ing into the server again to verify that the date has been added to a file in the on-line storage directory.
The mounting of sshfs can be tucked away into a script file, as shown in Listing 2. This can be convenient if you do not have a passphrase on the SSH key or if you do not always add (or want to add) that SSH key to your SSH agent.
Listing 1. Using sshfs to Mount an SSH Server
local$ ssh-agent bash local$ ssh-add .ssh/myserv ... local$ ssh myserv.example.com ex.com$ mkdir online-storage ex.com$ exit local$ sshfs \ email@example.com::/home/ben/online-storage \ ~/rawfs -o idmap=user local$ date >| ~/rawfs/datefile1.txt local$ fusermount -u ~/rawfs local$ ssh myserv.example.com ex.com$ cat online-storage/*txt Fri Aug 24 17:16:40 EDT 2007
Listing 2. A Little Script to Mount Your sshfs
$ cat ~/bin/mount-sshfs-example.sh #!/usr/bin/ssh-agent bash ssh-add .ssh/myserv sshfs \ firstname.lastname@example.org:/home/ben/online-storage \ ~/rawfs -o idmap=user
If you are running a 2.6.20 kernel or later, eCryptfs should be ready for use without any setup work. Running a 2.6.22 Fedora 7 updated kernel, I had major problems getting eCryptfs to work properly where the base filesystem was stored on a FUSE filesystem. When I did get eCryptfs to mount, there were errors with trying to use rsync to the eCryptfs filesystem, which finally resulted in a kernel oops. I have eCryptfs working fine using a local ext3 filesystem to store its encrypted data, so I suspect it is an issue with eCryptfs and FUSE interaction. Depending on which distribution you are running, setting up eCryptfs to allow nonroot users to mount an encrypted filesystem also can require some tinkering with PAM.
EncFS is a FUSE filesystem that takes a “raw” filesystem and presents a new filesystem. Any files created on the new filesystem will be encrypted and stored to the raw filesystem. EncFS requires FUSE, OpenSSL and rlog. The FUSE EncFS filesystem can be installed either from your distribution's package repository or manually, like this:
yum install fuse-encfs
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide