Hello, I'm helping a small org. (2-4 people) set up a secure fileserver for sensitive documents. Primarily, it should allow files to be transferred over the Internet securely, with time-limited and short-lived (single-use) password-protected download folders. Download user accounts should be removable if needed. Files would be encrypted before being made available for download. Storage area is not likely to go beyond a few GB. Uploading is not required immediately and may never be needed at all. Download traffic may average 5 files a day.
I came up with this: Server-side - OpenVPN server on a dedicated box, running Ubuntu/Debian/CentOS - VPN user accounts set up through scripts - Data on either the same box or a separate fileserver [1] running sftp with folders having execute-only permissions - Separate sftp accounts set up through for each download [2] - Encrypt files using a private key as part of a PKI Client-side - VPN, sftp clients - Location of download file(s) [sent by email or over the phone] - public-key decryption using a public keyserver [3] [1] Overkill? Vague idea that if VPN server is compromised, fileserver need not be [2] Overkill? Single-use password with passwd sent out-of-band enough? [3] I've never set up a PKI-based application. How difficult is it to get a key onto a keyserver? Are there examples of solutions to such problems? Commercial ones are OK if the price is right and doesn't involve going through layers of tech-unaware salepeople. If there are simpler solutions, especially ones that automate account, folder, and file handling, please let me know. Encrypted email attachments are probably not acceptable as the people involved use GMail/YMail/Hotmail accounts. Regards, Sameer ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ linux-india-help mailing list linux-india-help@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-india-help