encfs over sshfs to DreamHost backup account

How to set up a encfs over sshfs
(using DreamHost backup space; but discussion is the same)

I wanted to combine the power of sshfs with the security of encfs to backup my personal files on DreamHost's allocated 50G of file backup space. I liked the idea of having my personal files a) backed up and b) on the Internet available for use from work.

Setting up the mount of the remote (DH backup space) directory on a local dir using sshfs:

I created a local mount point 'dreambackup' and issued the command:

$ sshfs -o uid=500 -o gid=500 <dreamhost backup username>@backup.dreamhost.com:/home/<dreamhost backup username> dreambackup

The '-o uid=500' and '-o gid=500' are required so that the final mounted drive has the permissions of my account.
My private key is installed on this backup user so no pw is required.

creating the encrypted fs

I created (in the same dir as the sshfs mountpoint 'dreambackup') a directory 'encfs'.  In the mounted backup (remote) directory, I created 'encfs-crypt-raw'.

Creating the encfs was easy enough:

$ encfs -f dreambackup/encfs-crypt-raw encfs-crypt

The -f runs in foreground mode. The mounted 'clear-text' directory ('encfs-crypt') can then receive files for remote, encrypted storage.

I cd'd to that dir and issued

$ rsync -axv /home/tod .

to backup my home dir (-x prevents crossing filesystem borders -- preventing backing itself up...)

I found it almost unusablly slow. I'm going to let it run thru the night and see how it does.


Free Tag:


Using rsync over sshfs is inefficient because every file has to be downloaded locally in full (in order for rsync to calculate checksums), so you don't get any of the rsync benefits. It's much better to use a tool developed for the purpose like Brackup or Duplicity.

Thanks for the note -- I ended up using an encrypted file store on the DreamHost side that I mount locally.

Hey Todd. Thanks for the tutorial. Will rsync also be running on the server side so checksums are calculated there so as to save it having to transfer everything back to client side to perform the check?

There will be no rsync running remotely that will have access to the files in question as the encryption is done locally -- this everything has to be brought over to work.  Doing the encryption locally pretty much requires this.

(see also the comment below. )