Reputation: 43
I use rsync to synchronize the data on my client with a decrypted ecryptfs-container on the server.
What I want to achieve is the following automatic process:
1. keyctl show already has my desired key signature go to (3.)
2. ecryptfs-add-passphrase --fnek to add my key to the keyring on the server
3. mount -i /mnt/path/to/decrypted to make sure the decrypted folder is mounted on the server
4. rsync from client to server
Currently, for steps 1,2,3 I use ssh -tq ... to execute the command and evaluate the result.
My problem is as follows: It seems like ecryptfs requires a persistent user session on the server. Otherwise, the key is added and instantly dropped because of user logout (ssh -tq ... ends after command completion).
I just recognized that ssh -tq 'ecryptfs-add-passphrase --fnek; mount -i /mnt/path/to/decrypted' apparently works as expected. The key is dropped again afterwards, but the mount succeeds. This implies I have to realize the "dynamic prompt" (step 1) on the server. Is this already the best solution or can I also realize this on the client?
Upvotes: 2
Views: 1879
Reputation: 20355
I stumbled upon your post several times today while trying to realize exactly what you were describing, but did not find any help. I finally managed to find a solution by myself.
This solution is to take advantage of the --rsync-path option of rsync. Here is an extract from the man page:
    --rsync-path=PROGRAM
        Use this to specify what program is to be run on the remote
        machine to start-up rsync. Often used when rsync is not in the
        default remote-shell’s path (e.g.
        --rsync-path=/usr/local/bin/rsync). Note that PROGRAM is run
        with the help of a shell, so it can be any program, script, or
        command sequence you’d care to run, so long as it does not
        corrupt the standard-in & standard-out that rsync is using to
        communicate.
        One tricky example is to set a different default directory on
        the remote machine for use with the --relative option. For
        instance:
            rsync -avR --rsync-path="cd /a/b && rsync" hst:c/d /e/
The example given in the last paragraph of the manual gave me the idea to use this parameter to mount the ecryptfs directory.
And here is the code:
rsync --rsync-path="(printf \"%s\" \"$passphrase\" | ecryptfs-add-passphrase --fnek && ecryptfs-mount-private) > /dev/null 2>&1 && rsync" -aKLv local_to_sync remotehost.com:~/Private/
Upvotes: 2
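Added example, not part of the answer above: the answer's command puts the passphrase inside double quotes that the remote shell parses a second time, so a passphrase containing a double quote, a dollar sign or a backtick would be re-interpreted there. This sketch single-quotes the passphrase before embedding it and keeps the setup commands off rsync's stdin and stdout, as the man page extract requires; the helper names sq and build_rsync_path are hypothetical.

```shell
#!/bin/sh
# Added example, not the answerer's code. sq and build_rsync_path are
# hypothetical helper names; the ecryptfs commands are those in the answer.

# sq STRING: print STRING as one POSIX single-quoted word. Every embedded '
# becomes '\'' so the remote shell passes the text through unchanged.
sq() {
    q="'"
    s=$1
    out=
    while :; do
        case $s in
            *"$q"*)
                head=${s%%"$q"*}        # text before the first quote
                s=${s#*"$q"}            # text after the first quote
                out=$out$head$q\\$q$q   # append head followed by '\''
                ;;
            *)  out=$out$s; break ;;
        esac
    done
    printf "'%s'" "$out"
}

# build_rsync_path PASSPHRASE: print a value for --rsync-path.
# The setup subshell reads stdin from /dev/null and sends all output to
# /dev/null, so only the final rsync touches the channel rsync talks over.
build_rsync_path() {
    printf '(printf %%s %s | ecryptfs-add-passphrase --fnek && ecryptfs-mount-private) </dev/null >/dev/null 2>&1 && rsync' "$(sq "$1")"
}

# Demo with a constructed passphrase: prints the remote command, runs nothing.
build_rsync_path "it's \"\$HOME\" pass"
echo

# Intended use, with the host and paths from the answer:
#   rsync --rsync-path="$(build_rsync_path "$passphrase")" -aKLv local_to_sync remotehost.com:~/Private/
```

The passphrase is still part of the command line on both hosts, so it is visible in process listings while the transfer runs.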