mount encrypted volume from within a Linux-client

Joe99

Dabbler
Joined
Mar 3, 2016
Messages
15
Hello

Is it possible to mount encrypted volumes from within a Linux-client from the command line/cli?
If not, are there other approaches (if the communication is encrypted as well, so much the better)?

Thank you!
Joe
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,079
Are you talking about moving your encrypted ZFS pool disks to a Linux system or remotely connecting to a share over the network? Your question is not clear.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
If you're going over the network, then the fact that the pool is encrypted is meaningless--it's shared over the network just like any other file share would be using that protocol. Create an SMB or NFS share covering the directory (or directories) you want to share, and check the documentation for your Linux distro for instructions on how to mount that type of share.
 

Joe99

Dabbler
Joined
Mar 3, 2016
Messages
15
Does that mean a remote Linux or Windows client does not need to deliver credentials in order to access an encrypted FreeNAS volume (shared with SMB)?


Thank you!
Joe
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Whether they need to deliver credentials is a matter of the SMB setup, but if they do, they'll be authentication credentials, not decryption credentials. If your pool is encrypted (which we strongly discourage, by the way), it's decrypted on boot.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,079
The encryption of the ZFS storage is protection for the data at rest (when the server is off). When the server is running, it decrypts the data on-the-fly as it is requested by clients. Client systems must authenticate, as @danb35 said, but the data sent over the network is handled by whatever network sharing protocol you are using, after it has been decrypted by the server. Writes received from the network are encrypted as they are sent down the software stack on the way to the disk. The encryption of the filesystem is totally independent of any network security and is intended to protect your data if the drives should be stolen or if you need to remove a drive to send it in for warranty replacement. The data on disk would be encrypted, so there is no chance your data could be accessed.
I hope that helps to clarify the situation.
 

Joe99

Dabbler
Joined
Mar 3, 2016
Messages
15
Thanks a lot for the helpful clarifications!

->If your pool is encrypted (which we strongly discourage, by the way), it's decrypted on boot.
Why? Because the chances of data corruption are higher or because of difficulties recovering encrypted data from a defective disk?


Thank you!
Joe
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
FreeNAS's implementation of encryption is designed to fail secure, which has had the effect of locking a number of people out of their data. Unless there's a specific legal, regulatory, or industry requirement that data on disk be encrypted, we discourage that in favor of client-side encryption.
 

Joe99

Dabbler
Joined
Mar 3, 2016
Messages
15
->FreeNAS's implementation of encryption is designed to fail secure,
Thank you for the warnings about the encrypted volumes :smile:


->The encryption of the filesystem is totally independent of any network security
Does FreeNAS feature an SSH-server in order to be able to encrypt the communication between a remote Linux client (which mounts a FreeNAS volume)?


Thank you!
Joe
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
->Does FreeNAS feature an SSH-server in order to be able to encrypt the communication between a remote Linux client (which mounts a FreeNAS volume)?
Yes, obviously.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
->Does FreeNAS feature an SSH-server
Of course.
->in order to be able to encrypt the communication between a remote Linux client (which mounts a FreeNAS volume)
Not at all sure about this, though--I guess you could use SSH tunneling. Do you not trust your LAN to be secure?
 

Joe99

Dabbler
Joined
Mar 3, 2016
Messages
15
->FreeNAS's implementation of encryption is designed to fail secure, which has had the effect of locking a number of people out of their data. Unless there's a specific legal, regulatory, or industry requirement that data on disk be encrypted, we discourage that in favor of client-side encryption.
Thank you for that important information!
Does that mean if encryption is very important to me, I should go for another solution, e.g. like the one from Synology with its eCrypt-FS?

Thanks and regards,
Joe
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
No, it means that it's real encryption, not warm fuzzies encryption.
 