Building and using an encrypted container stored in a remote host (encfs+sshfs)

The lines below are my notes on mounting a remote folder over ssh using sshfs [1] and building an encrypted container on it with encfs [2]. I won’t explain in detail how to install sshfs and encfs, because that depends on which Linux distribution or BSD flavor you’re running; besides, there are tons of documents on the web covering these topics.

IMHO, this is a great way to easily and securely store your files on any remote host (cloud) that you can reach through ssh, using well-known, common unix tools.

1) Mount remote filesystem through ssh:

sshfs user@host:/full/path/dir/ /full/path/mount_point

Note that the directory paths used with sshfs and encfs should be given in full form: /home/user/mount_point, not ~/mount_point/. Also, if the user on the remote server and the user on the local computer have different uid/gid, you should tell sshfs so with the -o flag (for more details read the manpages):

sshfs -ouid=1000 -ogid=1000 user@host:/dir/ mount_point

You can check that the remote folder is mounted correctly by running the df command or by listing the files inside the folder. With df you should see something like this:

host:/full/path/dir/ 459G 76G 384G 17% /full/path/mount_point

2) Build an encfs container:

encfs /full/path/mount_point/some_dir /full/path/temp_dir/

The encfs creation routine is self-explanatory, so just follow the steps and answer accordingly. After this, you should see, with df -h:

encfs 459G 76G 384G 17% /full/path/temp_dir/

3) Do the backup with rsync (this step is optional; you can copy or move the desired files/folders manually):

rsync -avz /some/dir /temp_dir/

4) When you’re done with the encrypted container and the remote filesystem, you should unmount them, especially if you’re going to lose the connection to the remote host.

4.1) Unmount encrypted container:

fusermount -u /temp_dir/

4.2) Unmount remote filesystem:

fusermount -u mount_point

The steps to reconnect and remount the remote filesystem/container are the same as above, except that when you call the encfs command, it will ask for your container’s password.
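
Steps 1 to 4 combined into one script, as an added example that is not part of the original notes: it refuses relative paths and copies only after confirming that the mount point is really an sshfs mount and the plaintext directory is really an encfs mount, so a failed mount cannot leave files written in the clear to an ordinary local directory. The function names and the Linux-only /proc/mounts check are assumptions, and SAMPLE_MOUNTS is constructed.

```sh
#!/bin/sh
# Added example (not from the original notes). Linux-only: reads /proc/mounts,
# where FUSE reports these mounts as fuse.sshfs and fuse.encfs.

# Constructed sample in /proc/mounts format, for trying mounted_as offline.
SAMPLE_MOUNTS='host:/full/path/dir/ /full/path/mount_point fuse.sshfs rw,nosuid,nodev 0 0
encfs /full/path/temp_dir fuse.encfs rw,nosuid,nodev 0 0'

# is_abs PATH: true only for a full path (no ~/ or relative forms).
is_abs() { case "$1" in /*) return 0 ;; *) return 1 ;; esac; }

# mounted_as FSTYPE DIR [MOUNTS_TEXT]: true if DIR is a mount point of FSTYPE.
# Paths containing spaces are not handled (/proc/mounts escapes them as \040).
mounted_as() {
    dir=${2%/}; [ -n "$dir" ] || dir=/
    mounts=${3:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v d="$dir" -v t="$1" \
        '$2 == d && $3 == t { found = 1 } END { exit !found }'
}

# encrypted_backup REMOTE MOUNT_POINT CIPHER_DIR PLAIN_DIR SRC
# e.g. encrypted_backup user@host:/full/path/dir/ /full/path/mount_point \
#          /full/path/mount_point/some_dir /full/path/temp_dir /some/dir
encrypted_backup() {
    remote=$1 mnt=$2 cipher=$3 plain=$4 src=$5
    for p in "$mnt" "$cipher" "$plain"; do
        is_abs "$p" || { echo "not a full path: $p" >&2; return 2; }
    done
    sshfs "$remote" "$mnt" || return 1                 # step 1
    if mounted_as fuse.sshfs "$mnt" &&
       encfs "$cipher" "$plain" &&                     # step 2 (asks for password)
       mounted_as fuse.encfs "$plain"; then
        # Both mounts verified: files written to $plain are stored encrypted
        # under $cipher on the remote host.
        rsync -avz "$src" "$plain/"; rc=$?             # step 3
    else
        echo "mount check failed, nothing copied" >&2; rc=1
    fi
    # Steps 4.1 and 4.2: unmount in reverse order, container first.
    mounted_as fuse.encfs "$plain" && fusermount -u "$plain"
    fusermount -u "$mnt"
    return "$rc"
}
```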

And that’s all!

References:

[1] http://fuse.sourceforge.net/sshfs.html
[2] http://www.arg0.net/encfs
[3] http://ubuntuforums.org/showthread.php?t=148600
[4] http://unix.stackexchange.com/questions/11117/groups-ssh-user-is-apart-of-dont-apply-on-sshfs

3 thoughts on “Building and using an encrypted container stored in a remote host (encfs+sshfs)”

  1. First of all, many thanks for porting this to OS X!!! A week ago I ran into trouble with my Ubuntu box 8.0.4 and my new Powerbook with OS X 10.6.1 on it. I’ve been scratching my head for a week, because I had strange errors mounting Ubuntu via ssh: (error 36) & (error 8003)* read write errors. In OS X 10.4 Tiger I had no trouble at all. Forget all the keychain options and deny them ALL, throw away the old entries of macfusion and ssh including all the above mentioned (.so files in this forum). In the prefs of Macfusion set the mount timeout to 30 seconds, instead of 3 seconds. I got a lot of host deny errors with this too short timeout. *The strange errors were finally solved when I read the Linux man pages. Where are the SSHFS man pages for OS X, by the way? In the man pages was 1 option I tried in the ssh/extra options of Macfusion: -o idmap=user, which means that all my permissions of my OS X user are preserved, and it worked like a charm on my new shiny macbook pro!
