On 23/02/2020 19:06, H wrote:
> On 02/17/2020 05:03 AM, lejeczek via CentOS wrote:
>> On 16/02/2020 15:18, H wrote:
>>> I wonder if it is possible to set up an encrypted "file container" on a
>>> CentOS VPS? I am the root user of the VPS but the hosting company also has
>>> access to the VPS and thus all files. Is it possible to create a
>>> LUKS-container on the VPS and those files only be accessible by me? IOW,
>>> most of the file system on the VPS would be regular file system but the
>>> container could be used by me as needed. This would allow the VPS to reboot
>>> normally, I could ssh in normally etc etc. I would rsync files as needed to
>>> this LUKS-container though.
>>>
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS@centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>> How about a loop way? It would be a file which you can luks-encrypt,
>> decrypt, u/mount on demand, keep a small filesystem on it.
>>
> What is a "loop way"? I googled it together with Linux and file and did not
> find anything. Is this simply like a separate file that is LUKS-encrypted and
> I would then mount it for remote access? If so, what would prevent the
> hosting company - which I presume is the root user - from also accessing it?

That's that precisely, very easy.

a) use dd to create a file, eg.:
   dd if=/dev/zero of=gor.loop bs=1M count=2000
b) luks encrypt it:
   cryptsetup luksFormat gor.loop
c) dev mapper mount it:
   cryptsetup luksOpen gor.loop luks-gor.loop
d) fs it:
   mkfs.ext4 /dev/mapper/luks-gor.loop
e) mount it:
   mount /dev/mapper/luks-gor.loop $PWD/gor.rootfs.encrypted
f) use it (to simplify I'd put cryptOpen + mount + unmount + luksClose into a
   script)
g) remember!! still at least (depending how you mount it) the 'root' will have
   access to that data while mounted, obviously!
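
The open/mount and unmount/close wrapper suggested in step f), as an added example that is not part of the original post. The function names and the CONTAINER and MOUNTPOINT variables are assumptions; the defaults reuse the file names from steps a) to e), and the container is assumed to be already formatted as in steps b) and d).

```shell
#!/bin/sh
# Added example (not from the thread). Run as root; needs cryptsetup.
# CONTAINER and MOUNTPOINT are assumed variables; defaults reuse the post's names.
CONTAINER="${CONTAINER:-$PWD/gor.loop}"
MOUNTPOINT="${MOUNTPOINT:-$PWD/gor.rootfs.encrypted}"

# Mapping name, following the post's convention: luks-<file name>.
mapper_name() { printf 'luks-%s\n' "$(basename "$1")"; }

# Print closed | open | mounted for a container file.
vault_state() {
    dev="/dev/mapper/$(mapper_name "$1")"
    if [ ! -e "$dev" ]; then
        echo closed
    elif awk -v d="$dev" '$1 == d { f = 1 } END { exit !f }' /proc/mounts; then
        echo mounted
    else
        echo open
    fi
}

vault_open() {
    name=$(mapper_name "$CONTAINER")
    case $(vault_state "$CONTAINER") in
        mounted) echo "already mounted" >&2; return 0 ;;
        closed)  cryptsetup luksOpen "$CONTAINER" "$name" || return 1 ;;
    esac
    mkdir -p "$MOUNTPOINT"
    # If the mount fails, drop the mapping so the key does not stay loaded.
    mount -o nosuid,nodev "/dev/mapper/$name" "$MOUNTPOINT" ||
        { cryptsetup luksClose "$name"; return 1; }
}

vault_close() {
    name=$(mapper_name "$CONTAINER")
    case $(vault_state "$CONTAINER") in
        closed)  return 0 ;;
        # umount fails while files are in use; report it instead of forcing.
        mounted) umount "$MOUNTPOINT" || return 1 ;;
    esac
    cryptsetup luksClose "$name"
}

case "${1:-}" in
    open)   vault_open ;;
    close)  vault_close ;;
    status) vault_state "$CONTAINER" ;;
    *)      echo "usage: $0 open|close|status" >&2 ;;
esac
```

Running "close" as soon as the rsync finishes keeps the window from step g), during which root on the host can read the mounted data, as short as possible.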