Not sure if this kind of review/validation question is allowed - please delete if it isn't.
Like many before, I'm looking for ways to do cloud backup in a way where I trust that I'm still the only one with access to the information.
Context / goals / hypothesis:
- data is natively stored on a Linux computer
- information loss isn't a concern - I have other backups, but the current "offsite" component doesn't satisfy me.
The core idea is well described in this blog post. Summarizing, the strategy consists in:
- obtaining access to a remote server that provides ssh access
- mounting that server's filesystem over SSHFS
- creating a large file over there, and set it up as a LUKS/cryptsetup loop container
- mounting the file locally as loop
- and backing-up into the loop file
Questions:
- My understanding is that in this case, the encryption key is never seen by the remote server - so even if the SSH connection was to be listened to, the key wouldn't be compromized.
- This strategy assumes that SSHFS and LUKS/cryptsetup are "wise" enough to only transfer blocks which are required for I/O operations - not the whole file. Is this the case? Would a different "filesystem-over-network" be more appropriate ?
- Any other hole/weakness in this strategy?
Thanks
