mirroring a loop device across an ssh connection

Jason openssh at lakedaemon.net
Sat Dec 2 04:35:59 EST 2006


all,

I've been looking into a secure way of accessing a remote loopback 
encrypted partition securely via openssh.

The basic idea I have currently is that a file/partition is connected to 
/dev/loop0 on a remote server, which I have an ssh connection to.  I 
hold the key (for cryptsetup via dm_crypt) on the local client.  I'd 
like to mirror the loop device of the server on the client.  Once that 
is done, I would run cryptsetup with the key on the client and mount as 
normal.

The end application would be for remote secure backup (rsync?) of a 
second encrypted volume on the client.  It is assumed that the remote 
server is untrusted, hence, not running cryptsetup/dm_crypt on the server.

So far, I've looked at Rex/sfs [1], pseudo-tty programming, and a little 
of unix domain sockets.  I'm more familiar with network socket 
programming, though.  My main holdup right now is my lack of familiarity 
with openssh internals.  If someone could point to the right section of 
the src tree, perhaps with a nudge towards how to do this securely, it 
would be greatly appreciated.

tia,

Jason.


*** PDF download ***
[1] - http://pdos.csail.mit.edu/papers/sfs:rextr03/MIT-LCS-TR-884.pdf


More information about the openssh-unix-dev mailing list