Hosting Services, sshfs and cryptsetup
I’m moving hosting to a provider I have less control over. I don’t believe admins there will peak at my files, but the general rule of thumb is to not allow anything that is not permitted, and, since I’m using that box as a off-site backup of my local files, I want all my documents to go into an encrypted container. Only something resembling noise should be visible outside the home network.
To that end, I’m using sshfs to mount a remote directory on my local server. This is a very neat tool, that gives me most of what I’d get from NFS, without the hassle of explicitly encrypting the NFS traffic.
That mounted directory contains a big file that I’m using as my encrypted container. On the local machine, I’m using cryptsetup to open this container and run various rsync scripts against its contents. Everything seems to be working fine, and the cryptsetup and the rsync seem to be doing the right thing.
From the hosted machine’s point of view, there’s an ssh connection from my home IP, followed by a i/o against one of the files. The traffic and the contents of the file will appear to be noise. Keys never leave my local network, so there’s no real danger of a hypothetical bored admin at the hosting company sneaking a peak.