Discussion:
sftp-server file encryption
Jürgen Weber
2018-09-13 15:16:35 UTC
Hi,

I wonder if sftp-server could encrypt files before writing to disc. This
would make sshd a poor man's alternative for an encrypting filesystem on a
server.

How to get the crypto key from a client to be used by sftp-server? Upload
the key to a /well/defined/key.pem virtual location? Or can you access the
ssh client certificate from sftp-server?

Can sftp-server call a filter?
Or would one write a sftp-server replacement?

Juergen
Peter Moody
2018-09-13 15:46:13 UTC
Why not just encrypt the files before you upload them?
_______________________________________________
openssh-unix-dev mailing list
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Jürgen Weber
2018-09-13 15:56:02 UTC
Usability. If the server encrypts, no need for any special client software
on any of your Linux/Win/Android gadgets.

Juergen
Peter Stuge
2018-09-13 19:15:26 UTC
Post by Jürgen Weber
I wonder if sftp-server could encrypt files before writing to disc.
This would make sshd a poor man's alternative for an encrypting
filesystem on a server.
What does the poor man want to gain with this encryption?
Post by Jürgen Weber
How to get the crypto key from a client to be used by sftp-server?
Upload the key to a /well/defined/key.pem virtual location?
That can be implemented, but I don't know that it's a good idea. If
the poor man controls the server to implement something like that, then
the poor man can probably also just enable full disk crypto.
Post by Jürgen Weber
Or can you access the ssh client certificate from sftp-server?
SSH clients don't always use a certificate, nor always a key.
Post by Jürgen Weber
Can sftp-server call a filter?
No, but you can post-process uploaded files as the filesystem changes.
Post by Jürgen Weber
Or would one write a sftp-server replacement?
You can, but the poor man needs root access to deploy that, and if he
is root then he's probably better off with full disk crypto.


//Peter
Dr. Nagy Elemér Károly
2018-09-13 20:30:32 UTC
Dear Peter, dear list,

An interesting scenario is when the user stores encrypted files on a server without the server admin and other users
having access to the files. This could be implemented on the client side by encrypting the files before sending to the
server and decrypting them while receiving - and this could be done by the SSH client. I would like that feature - very
much. It would make "automagic" possible - storing encrypted files with autofs for transparent encrypted network file
storage. Sounds really awesome.

It would be nice if the server would tell the client which key the client used to encode the files - this could be
implemented many ways, one approach is to write the public key / fingerprint to the beginning of the file before the
actual content or to have a meta file next to the actual file. I see less practical use with password authentication, but
a timestamp or the first two characters of the password as the meta would also help forgetful persons like me.

I would really like SFTP/SSHFS to take over other network file storage protocols. This could be a killer feature to achieve
that.

Best wishes:
Elmar
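
The key-fingerprint header suggested in the message above, sketched as an added example that is not part of the original thread or of OpenSSH. The magic value, the header layout and the keyring labels are constructed for illustration, and the payload is assumed to be ciphertext already produced on the client.

```python
import hashlib
import struct

# Constructed container layout (an assumption, not an OpenSSH format):
#   8-byte magic | 1-byte version | 32-byte SHA-256 of the public key | ciphertext
MAGIC = b"SFTPENC1"
VERSION = 1
FP_LEN = hashlib.sha256().digest_size
HEADER = struct.Struct(f">{len(MAGIC)}sB{FP_LEN}s")


def fingerprint(public_key: bytes) -> bytes:
    """SHA-256 digest of the encoded public key, used as the key identifier."""
    return hashlib.sha256(public_key).digest()


def wrap(public_key: bytes, ciphertext: bytes) -> bytes:
    """Prefix client-side ciphertext with the identifier of the key that made it."""
    return HEADER.pack(MAGIC, VERSION, fingerprint(public_key)) + ciphertext


def unwrap(blob: bytes, keyring: dict):
    """Return (key label, ciphertext) so the client knows which key to decrypt with.

    The header is readable and writable by anyone with access to the server
    directory, so it is only a hint. Integrity has to come from the cipher,
    for example an AEAD that takes these header bytes as associated data.
    """
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    magic, version, fp = HEADER.unpack_from(blob)
    if magic != MAGIC or version != VERSION:
        raise ValueError("not a recognised container")
    label = keyring.get(fp)
    if label is None:
        raise KeyError("no local key with fingerprint " + fp.hex()[:16])
    return label, blob[HEADER.size:]


if __name__ == "__main__":
    # Constructed sample values; a real client would use its encoded public key.
    laptop_key = b"constructed-public-key-laptop"
    ring = {fingerprint(laptop_key): "laptop"}
    stored = wrap(laptop_key, b"\x8a\x01opaque-ciphertext")
    print(unwrap(stored, ring))
```
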
Ben Lindstrom
2018-09-14 17:13:57 UTC
I would personally rather see a new subsystem written instead of
mangling "sftp" further into something it was never designed to do. It
fails at being sshfs because of all the hackery needed to make it
a proper "filesystem" remote protocol.

And I know a lot of the current OpenSSH/OpenBSD developers agree with
me on this. Which is why newer sftp RFCs haven't been implemented that
try and mangle it into a filesystem protocol.

Ben
Jürgen Weber
2018-09-13 21:07:11 UTC
There are cheap virtual Linux root servers that don't support
encrypted filesystems, even if you have root, as even root cannot
change the kernel or modules.

And most sftp clients will allow you to set the server port, so no
need to run as root at all. Why not run an encrypting sftp server at
port 2222 as user demon? Just a secure box at yourserver:2222 you drop
your files into. No infrastructure needed except a port and some
directory.

And, to create an incremental backup of a bunch of encrypted files is
way easier than a backup of an encrypted file system.

Juergen