I use rsync to synchronize the data on my client with a decrypted ecryptfs-container on the server.
What I want to achieve is the following automatic process:
1. If, on the server, keyctl show already has my desired key signature go to (3.)
2. ecryptfs-add-passphrase --fnek to add my key to the keyring on the server
3. mount -i /mnt/path/to/decrypted to make sure the decrypted folder is mounted on the server
4. rsync from client to server
5. Optional: Unmount folder and remove key signature (not important here)
Currently, for steps 1, 2, 3 I use ssh -tq ... to execute the command and evaluate the result.
My problem is as follows: It seems like ecryptfs requires a persistent user session on the server. Otherwise, the key is added and instantly dropped because of user logout (ssh -tq ... ends after command completion).
I just recognized that ssh -tq 'ecryptfs-add-passphrase --fnek; mount -i /mnt/path/to/decrypted' apparently works as expected. The key is dropped again afterwards, but the mount succeeds. This implies I have to realize the "dynamic prompt" (step 1) on the server. Is this already the best solution or can I also realize this on the client?
I stumbled upon your post several times today while trying to realize exactly what you were describing, but did not find any help. I finally managed to find a solution by myself.
This solution is to take advantage of the --rsync-path option of rsync. Here is an extract from the man page:
The example given in the last paragraph of the manual gave me the idea to use this parameter to mount the ecryptfs directory.
And here is the code:
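One way to apply the --rsync-path idea to steps 1 and 3 of the question, as an added example that is not the answer author's code: the remote command mounts the folder only when the key signature is already in the keyring and refuses to start rsync unless the mount point is really mounted, so files never land unencrypted in the bare directory. The helper names build_rsync_path and sync_to_server, the signature and the host are assumptions; step 2 is not attempted here because rsync's connection has no terminal for the passphrase prompt.

```shell
#!/bin/sh
# Added example, not the answer's code. Signature, paths and host are placeholders.

# Print the remote command for --rsync-path. rsync appends its own
# "--server ..." arguments to this string, so it must end in the word rsync.
build_rsync_path() {
    sig=$1 mnt=$2
    # Both values are embedded in single quotes, so reject embedded quotes.
    case "$sig$mnt" in
        *"'"*) echo "single quote in argument" >&2; return 2 ;;
    esac
    # Steps 1 and 3: if not mounted, mount only when the key signature is in
    # the keyring. Diagnostics go to stderr: stdout carries the rsync protocol.
    printf '%s' \
        "mountpoint -q '$mnt' || { keyctl show 2>/dev/null | grep -qF '$sig'" \
        " && mount -i '$mnt' >&2; }; " \
        "mountpoint -q '$mnt' || { echo 'not mounted, refusing to sync' >&2;" \
        " exit 1; }; exec rsync"
}

# Hypothetical wrapper: sync_to_server SIG MOUNTPOINT SRC HOST
sync_to_server() {
    rp=$(build_rsync_path "$1" "$2") || return
    rsync -a --rsync-path="$rp" "$3" "$4:$2/"
}

# Usage (constructed values):
# sync_to_server 0123456789abcdef /mnt/path/to/decrypted ~/data/ server
```

If the key is missing and the folder is not mounted, rsync on the client aborts with the stderr message instead of copying anything.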