How would you protect files of a VPS (Virtual Private Server) from snooping by the service provider?

  • @[email protected]
    32 months ago

    So how do you decrypt the LUKS vault when you have no sshd running as that thing is not up yet?

    • fuzzy_feeling
      42 months ago

      You can put an ssh server in your initramfs.
      dropbear-initramfs I guess was the name in Debian.

      • @[email protected]
        1
        2 months ago

        Pretty cool!

        Android and ChromeOS both also just use fuse for userspace (and user-files) encryption. This could totally be used too.

        But of course, if something is not on your RAM it is not safe

    • @NegativeLookBehind
      English
      12 months ago

      Do VPSs typically give you LOM? Honest question. Maybe LUKS isn’t good if you can’t console in.

      • @[email protected]
        English
        52 months ago

        LUKS, or anything that relies on the server encrypting, is highly vulnerable (see [email protected]’s response).

        Your best bet would be encrypting client side before it arrives on the server using a solution like rclone, restic, borg, etc.

      • @[email protected]
        12 months ago

        Yeah, at least the ones I used have some kind of console/terminal you can use and often you can access BIOS and reinstall the OS if you want.

    • @JubilantJaguar
      12 months ago

      Another option: encrypt a sparse file rather than a disk volume. Mount the file to local filesystem and open and close it there.
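
The sparse-file approach from the last comment, sketched as an added example (not code posted by anyone in the thread). The file path, mapper name and mount point are assumptions, and `init`, `open` and `close` need root. As noted earlier in the thread, the key sits in the VPS's RAM for as long as the container is open, so this protects the data only while it is closed.

```shell
#!/usr/bin/env bash
# Added example: a LUKS container kept in a sparse file instead of a disk volume.
# All three names below are assumptions; override them via the environment.
VAULT_IMG="${VAULT_IMG:-$HOME/vault.img}"   # hypothetical container file
VAULT_NAME="${VAULT_NAME:-vault}"           # hypothetical /dev/mapper name
VAULT_MNT="${VAULT_MNT:-/mnt/vault}"        # hypothetical mount point

# Create the sparse file: full apparent size, blocks allocated only on write.
# usage: vault_allocate FILE SIZE   (SIZE as accepted by truncate, e.g. 10G)
vault_allocate() {
    [ ! -e "$1" ] || { echo "refusing to overwrite $1" >&2; return 1; }
    ( umask 077; truncate -s "$2" "$1" )    # owner-only permissions
}

# One-time setup (root): LUKS2 header, then a filesystem inside the mapping.
vault_init() {
    vault_allocate "$VAULT_IMG" "${1:-10G}" || return 1
    cryptsetup luksFormat --type luks2 "$VAULT_IMG" || return 1
    cryptsetup open "$VAULT_IMG" "$VAULT_NAME" || return 1
    mkfs.ext4 -q "/dev/mapper/$VAULT_NAME"
    cryptsetup close "$VAULT_NAME"
}

# Open (root): cryptsetup prompts for the passphrase and attaches a loop
# device for the file automatically; the plaintext view appears at VAULT_MNT.
vault_open() {
    cryptsetup open "$VAULT_IMG" "$VAULT_NAME" || return 1
    mkdir -p "$VAULT_MNT"
    mount "/dev/mapper/$VAULT_NAME" "$VAULT_MNT"
}

# Close (root): unmount first, then drop the mapping so the key leaves the kernel.
vault_close() {
    umount "$VAULT_MNT" && cryptsetup close "$VAULT_NAME"
}

# Dispatch: ./vault.sh init [SIZE] | open | close   (no argument: do nothing)
case "${1:-}" in
    init)  vault_init "${2:-}" ;;
    open)  vault_open ;;
    close) vault_close ;;
esac
```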