I wanted an easy, lazy, transparent and somewhat secure way to store files on my remote Linux server while I was on the road with my Linux Laptop. Combining SshFS and EncFS has been a great way to achieve this. Both of these programs are in the Debian/Ubuntu repositories.


SSH Filesystem (http://fuse.sourceforge.net/sshfs.html) is a file system client that allows you to mount a remote directory on your client machine over SFTP. I find this incredibly useful and reliable and have used it in a number of situations.

$ sshfs -o IdentityFile=/home/desktopuser/.ssh/private.key -o port=2222 -ouid=2000,gid=2000 user@remoteserver.com:/home/user/storage /mount/remotestorage


A description from the EncFS website (http://www.arg0.net/encfs): EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface.

Running encfs for the first time will automatically start configuration mode. The default “pre-configured paranoia mode” will setup a filesystem with the following properties:

Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 1024 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.
File holes passed through to ciphertext

Using encfs:

$ encfs /anywhere/encfsCrypt /anywhere/encfsMountPoint

Now on my Laptop any files that I copy to the encfsMountPoint will be encrypted before they touch the remote server.

Update 21/1/2014: A paid 10-hour security audit has found a couple of issues you should know about when deciding to use EncFs or not: https://defuse.ca/audits/encfs.htm