You are not logged in.
Hi,
I'm thinking about storing some private data on my VPS. I am the only person that has access to the virtual server, but of ofcourse in reality it's a virtual XEN server hosted by someone else. So I don't have hardware access and I can't control who has.
Would it be safe to store sensitive data on a VPS, even if I unmount the unencrypted version of the files (in case of something like encfs)?
Offline
Encrypt them locally with gpg, upload those and you should be safe. If you can't trust your ISP I'd rather suggest to switch though...
Offline
You can use a cryptographic filesystem like eCryptfs to encrypt your $HOME. But procmail can't put your mail there when your not on, cronjobs can't read information from it, you can't serve a personal web page... not if you encrypt it all.
Maybe it's not all worth the trouble for you, leaving certain files unencrypted, why not protect only the most important ones? Then you decide to encrypt only a directory like ~/Secret, but that is not much different then using application-based encryption and protecting individual files with GPG.
Consider these solutions and pick one that suits you best, you have a right to be concerned about your VPS see this article for a horror story http://blog.sucuri.net/2010/02/godaddy- … clear.html
You need to install an RTFM interface.
Offline
Great horror story! The first thing I did on my vps was chaning my root password to be on the safe side. I like the eCryptfs suggestion, I will check that out.
Oh, and bluewind, it's not that I don't trust my ISP but I rather be paranoid than sorry.
Offline
An encrypted file system on a VPS provides no additional security if you are worried about your hosting provider snooping. They can just capture your password when you enter it for decryption. Also, if your VPS is running the encrypted file system would be unlocked and everything would be readable. In general, you should assume your VPS provider has access to everything. If they have root on the host machine they will be able to get root access to the VPS.
You do have options though. As others have mentioned, encrypting the data before backing it up to the VPS would work. Using GPG locally is the answer. You must be careful never to decrypt on the actual VPS though.
Code is everything I thought poetry was... Clean, expressive, urgent, all-encompassing. Fourteen lines can open up to fill the available universe.
Teach Yourself Programming | Learn To Ask Questions | Fight Lost Productivity
Offline
...
They can just capture your password when you enter it for decryption.
...
I think that would be impossible when I log in using ssh, wouldn't it?
Offline
tss wrote:...
They can just capture your password when you enter it for decryption.
...I think that would be impossible when I log in using ssh, wouldn't it?
SSH doesn't protect you in this case. SSH protects your communication from end-to-end. Anything on either end is unencrypted. So an attacker on your laptop or on your VPS would be able to see what you type. The password for the encrypted filesystem on the VPS is visible in plain text to the VPS provider (if they are watching for it) when you decrypt the filesystem.
Code is everything I thought poetry was... Clean, expressive, urgent, all-encompassing. Fourteen lines can open up to fill the available universe.
Teach Yourself Programming | Learn To Ask Questions | Fight Lost Productivity
Offline