SecureEncryptedRemoteVolumeHowTo

Introduction

Ubuntu allows you to use virtually any inexpensive hosting account as a secure remote encrypted volume. When mounted as explained below, the remote encrypted volume looks and feels like a normal directory, but your computer transparently encrypts all files on-the-fly when you save them and decrypts them when you open them. The files are stored on the remote host rather than locally, with SSH as the secure transport mechanism. Because the encryption happens on your computer, the remote host receives the files already encrypted.

You can use this remote directory for securely sharing files between different computers, or as secure remote backup storage, etc. The only requirement is that you need SSH access to the remote host.

Installation and Setup

1. Install the necessary packages and their dependencies:

sudo apt-get install sshfs encfs

2. Ensure the fuse module gets loaded after every boot by adding it to /etc/modules:

echo "fuse" | sudo tee -a /etc/modules

3. Add yourself to the "fuse" group. Only root and members of group "fuse" can use SSHFS.

sudo addgroup $(whoami) fuse

3a. Make sure that you're actually a member of the group. Activation may require an X restart.

groups

4. Create the necessary directories in your home folder to mount/unmount the remote volume:

mkdir ~/.remote-secure-volume  ## note the '.'
mkdir ~/remote-encrypted-volume

Mounting

Mounting is a two-step process. First you mount the remote volume using SSHFS (enter your ssh password when prompted), and then you mount the SSHFS-mounted volume as an encrypted volume using Encfs.

Note: the first time you run Encfs, it will ask you to choose a mode -- choose standard mode -- and will also ask you to enter a new encryption password -- enter it twice.

Here are the two commands you need to run:

sshfs your-ssh-username@your-web-host.com:remote-directory ~/.remote-secure-volume
encfs ~/.remote-secure-volume $HOME/remote-encrypted-volume

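The first command mounts the remote volume over SSH; the second command mounts it as an encrypted volume. After both have run, ~/.remote-secure-volume shows the files as they are stored on the remote host (encrypted), and ~/remote-encrypted-volume is the decrypted view you actually work in. (Obviously, you need to substitute "your-ssh-username", "your-web-host.com", and "remote-directory" as appropriate.) You can also copy these two commands into a shell script if you would like to mount the remote volume with a single command.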

Using

When mounted as explained above, the directory 'remote-encrypted-volume' in your home folder can be used as a regular directory. The difference: all files are encrypted on-the-fly before saving, and are saved, not locally, but to a remote host, using SSH as the transport mechanism.

Unmounting

fusermount -u ~/remote-encrypted-volume
fusermount -u ~/.remote-secure-volume

These two commands can also be copied into a shell script to automate the unmounting.
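
The mount and unmount scripts suggested above can be combined into one; the following is an added example, not part of the original Howto. It stops if the SSHFS step fails, because running encfs against the empty local directory would offer to set up a new volume on the local disk instead of the remote host. The variable and function names are assumptions, and it assumes the mountpoint utility from util-linux is installed. Run it with "mount" or "unmount" as its argument.

```shell
#!/bin/sh
# Added example: one script for the two-step mount and the reverse unmount.
# REMOTE is the page's placeholder; substitute your own account and directory.
REMOTE="${REMOTE:-your-ssh-username@your-web-host.com:remote-directory}"
CIPHER_DIR="${CIPHER_DIR:-$HOME/.remote-secure-volume}"   # SSHFS mount: encrypted files
PLAIN_DIR="${PLAIN_DIR:-$HOME/remote-encrypted-volume}"   # Encfs mount: decrypted view

is_mounted() { mountpoint -q "$1"; }

mount_volume() {
    mkdir -p "$CIPHER_DIR" "$PLAIN_DIR" || return 1
    mounted_here=0
    if ! is_mounted "$CIPHER_DIR"; then
        # Stop on failure: without the SSHFS mount, encfs would see an empty
        # local directory and offer to create a new volume on the local disk.
        sshfs "$REMOTE" "$CIPHER_DIR" || { echo "sshfs mount failed" >&2; return 1; }
        mounted_here=1
    fi
    is_mounted "$PLAIN_DIR" && return 0
    if ! encfs "$CIPHER_DIR" "$PLAIN_DIR"; then
        echo "encfs mount failed" >&2
        # Release the SSHFS mount only if this run created it.
        [ "$mounted_here" -eq 1 ] && fusermount -u "$CIPHER_DIR"
        return 1
    fi
}

unmount_volume() {
    # Reverse order: the decrypted view first, then the SSHFS mount beneath it.
    if is_mounted "$PLAIN_DIR"; then
        fusermount -u "$PLAIN_DIR" || { echo "cannot unmount $PLAIN_DIR" >&2; return 1; }
    fi
    if is_mounted "$CIPHER_DIR"; then
        fusermount -u "$CIPHER_DIR" || { echo "cannot unmount $CIPHER_DIR" >&2; return 1; }
    fi
}

case "${1:-}" in
    mount)   mount_volume ;;
    unmount) unmount_volume ;;
    *)       echo "usage: $0 mount|unmount" >&2 ;;
esac
```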

IMPORTANT:

As is usual with free advice, this Howto is posted here in good faith, but no representation or warranty, express or implied, is made as to its accuracy, completeness or adequacy, and it should not be relied on as such. (In plain language: if you run into trouble, you are on your own...)