Difference between revisions of "Truecrypt Over NFS or SSH"
(Created page with " <source lang="shell"> # SERVER: # ======= # read instructions for truecrypt truecrypt -h | less # (as root) # add truecrypt user # all files in the mounted container wil...") |
| (3 intermediate revisions by the same user not shown) | |||
| Line 21: | Line 21: | ||
id -u tcuser | id -u tcuser | ||
| − | # edit /etc/exports and add: | + | # edit /etc/exports and add this line (where 1001 is the UID of tcuser): |
| − | /mnt/tcshare clientname(rw | + | /mnt/tcshare clientname(rw,no_subtree_check,anongid=1001,anonuid=1001) |
# make sure NFS server is stopped | # make sure NFS server is stopped | ||
| Line 72: | Line 72: | ||
# dismount truecrypt volume (must be user that mounted it) | # dismount truecrypt volume (must be user that mounted it) | ||
| − | truecrypt -d / | + | truecrypt -d /mnt/tcshare |
# if dismount fails, umount the volume | # if dismount fails, umount the volume | ||
| − | umount / | + | umount /mnt/tcshare |
# you might also need to umount the temp volume | # you might also need to umount the temp volume | ||
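Review bot: The new /etc/exports line sets `anonuid=1001,anongid=1001` without `all_squash`, so only squashed requests are mapped to tcuser. With the default `root_squash` that means the client's root user, while every other client UID is passed through unchanged. If the intent is that all access to the share acts as tcuser, the option list should read `rw,no_subtree_check,all_squash,anonuid=1001,anongid=1001`, and the comment above it should say that `clientname` has to be the one host allowed to mount. The old side of this line is cut off in this view, so I cannot tell which options it carried before.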
Latest revision as of 21:28, 27 August 2018
# SERVER:
# =======
# Prepares the server: a dedicated user, a mount point, an NFS export of that
# mount point, and the TrueCrypt volume mounted on it.
# NOTE(review): TrueCrypt has not been maintained since 2014; confirm that is
# acceptable (or evaluate a maintained successor) before deploying this setup.
# read instructions for truecrypt
truecrypt -h | less
# (as root)
# add truecrypt user
# all files in the mounted container will be owned by this user
useradd tcuser
# make the mount point
mkdir /mnt/tcshare
# get the user's UID (assume 1001 for this tutorial)
id -u tcuser
# edit /etc/exports and add this line (where 1001 is the UID of tcuser):
# - replace 'clientname' with the single host that is allowed to mount the share
# - anonuid/anongid only apply to squashed requests: with the default
#   root_squash that is the client's root user; other client UIDs are passed
#   through unchanged unless all_squash is also set
# - nothing shown here encrypts the NFS traffic, so the decrypted file contents
#   cross the network in the clear; the sshfs section of this page is the
#   tunnelled alternative
/mnt/tcshare clientname(rw,no_subtree_check,anongid=1001,anonuid=1001)
# make sure NFS server is stopped
service nfs-kernel-server stop
# mount the truecrypt volume (as the tcuser)
# the container path MyTcVolume.tc is relative, so it is resolved against the
# directory this command is run from
su tcuser -c 'truecrypt --mount MyTcVolume.tc /mnt/tcshare'
# Enter the volume password, choose the default [none] and [No] for the next 2 questions, then enter the root password
# export the share and start the NFS server
# (exportfs -a exports every entry in /etc/exports, not only the line added above)
exportfs -a
service nfs-kernel-server start
# CLIENT:
# =======
# Mounts the server's NFS export on the client.
# (as root)
# create a local mount point
mkdir /mnt/tcmount
# mount the NFS share read-write
# NOTE(review): consider adding nosuid,nodev to the -o list so that files on the
# share cannot act as setuid binaries or device nodes on this client
mount -t nfs -o rw servername:/mnt/tcshare /mnt/tcmount
# SECURE CLIENT CONNECTION:
# =========================
# secure alternative to NFS: install package 'sshfs'
# (sshfs carries the file traffic inside an SSH session, so it is encrypted in transit)
# this time you need to set up a password for the tcuser
# (if the server permits SSH password logins, this password is what protects the
# account from remote login, so choose a strong one)
passwd tcuser
# mount the truecrypt volume on the server like before, but do not set up NFS
# now from the client
# (check the server's host key fingerprint when ssh asks on the first connection)
sshfs tcuser@servername:/mnt/tcshare /mnt/tcmount
# for better security, set up key-based (public-key or certificate) authentication
# for ssh instead of relying on the password
# OTHER ACTIONS:
# ==============
# list mounted truecrypt volumes
truecrypt -l
# dismount truecrypt volume (must be user that mounted it)
# NOTE(review): the dismount will likely fail as busy while the share is still
# exported or in use by a client; stop the NFS server / unmount clients first
truecrypt -d /mnt/tcshare
# if dismount fails, umount the volume
umount /mnt/tcshare
# you might also need to umount the temp volume
umount /tmp/.truecrypt_aux_mnt1
# other truecrypt options:
# (the three lines below are an option list to append to a truecrypt command,
# not commands to run on their own)
# --force: NOTE(review): presumably forces the mount or dismount; confirm with 'truecrypt -h'
--force
# -p: a password passed on the command line is visible in the process list and
# is saved in shell history; prefer the interactive prompt
-p password
--fs-options=opt1,opt2 (forward these to 'mount')