sftp-server file encryption
Peter Stuge
peter at stuge.se
Fri Sep 14 05:15:26 AEST 2018
Jürgen Weber wrote:
> I wonder if sftp-server could encrypt files before writing to disc.
> This would make sshd a poor man's alternative for an encrypting
> filesystem on a server.
What does the poor man want to gain with this encryption?
> How to get the crypto key from a client to be used by sftp-server?
> Upload the key to a /well/defined/key.pem virtual location?
That can be implemented, but I don't know that it's a good idea. If
the poor man controls the server to implement something like that, then
the poor man can probably also just enable full disk crypto.
> Or can you access the ssh client certificate from sftp-server?
SSH clients don't always use a certificate, nor always a key.
> Can sftp-server call a filter?
No, but you can post-process uploaded files as the filesystem changes.
> Or would one write an sftp-server replacement?
You can, but the poor man needs root access to deploy that, and if he
is root then he's probably better off with full disk crypto.
//Peter
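
One way to do the post-processing mentioned in the reply above, as an added example that is not part of the original message or of OpenSSH. It polls instead of using filesystem change notifications and hands finished uploads to `gpg`; the directory, recipient and 5-second interval are assumptions. The plaintext still reaches the disk before it is encrypted, so this is not equivalent to encrypting before the write.

```python
import os
import subprocess
import time

UPLOAD_DIR = "/srv/sftp/upload"   # assumed upload directory
RECIPIENT = "owner@example.org"   # assumed key id; only the public key is on the server

def snapshot(directory):
    """Map each regular, not yet encrypted file to (size, mtime_ns)."""
    snap = {}
    with os.scandir(directory) as entries:
        for e in entries:
            # Skip symlinks: an SFTP user could plant one pointing elsewhere.
            if e.is_file(follow_symlinks=False) and not e.name.endswith(".gpg"):
                st = e.stat(follow_symlinks=False)
                snap[e.path] = (st.st_size, st.st_mtime_ns)
    return snap

def settled(prev, cur):
    """Files unchanged across two scans, i.e. the upload has probably finished."""
    return sorted(p for p, sig in cur.items() if prev.get(p) == sig)

def gpg_argv(path, recipient):
    """Public-key encryption, so no decryption secret has to live on the server."""
    return ["gpg", "--batch", "--encrypt", "--recipient", recipient,
            "--output", path + ".gpg", path]

def process(prev, cur, recipient, run=subprocess.run):
    """Encrypt settled files; drop the plaintext only if gpg succeeded."""
    done = []
    for path in settled(prev, cur):
        if run(gpg_argv(path, recipient)).returncode == 0:
            os.remove(path)
            done.append(path)
    return done

def main():
    # Run as the unprivileged account that owns UPLOAD_DIR, not as root.
    prev = {}
    while True:
        cur = snapshot(UPLOAD_DIR)
        process(prev, cur, RECIPIENT)
        prev = cur
        time.sleep(5)

if __name__ == "__main__":
    main()
```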