HOWTO: The Intranet Condom (with Dropbox)
Thanks go to Jenny for the colourful title of this fun little Dropbox hack. So earlier in the week I blogged about my simultaneous desire have seamless access to my remote Dropbox account while simultaneously preventing nefarious local access. Tonight I found a great solution. Dropbox on demand, streaming live to the Internet with zero opportunity for a local attacker to access it…
…now that I’m reflecting on what I’ve done with this I can name a few other ways to even more easily sate both desires. Ho hum. I’ll see this through.
The short version of my Dropbox hack is this: I install and run Dropbox on my laptop. I create a Dropbox folder on my desktop. I mount my laptop’s Dropbox folder into my desktop’s Dropbox folder using SSHFS. I change Pidgin on my desktop to read account information from, and save logs to, Dropbox.
A healthy side-benefit of this scheme is an increased sharing capability between all of your machines. Because Dropbox is the “tunnel” between the two machines, everything else that you send between the two machines is also being stored to the Cloud.
The Intranet Condom (with Dropbox):
Install Dropbox on your laptop, your distro-appropriate version of SSH on both machines and SSH Filesystem on both too for good measure. And your IM client of choice. I’m using the fantabulous Pidgin for this HOWTO, because, well, I use Pidgin.
Configure your portable machine, which I’m gonna call the Server, and your desktop machine, the Client, to connect to one another over SSH, hopefully using keys. In honour of my installation of Arch Linux on the desktop at 091 Labs, I’ll use informative links to their own wiki articles for SSH and SSH Keys.
Login back and forth at least once just to confirm things are working right. Syntax:
On your Server laptop machine, start Dropbox and make sure it is all synched up. Go read up on my earlier HOWTO on storing Pigdin logs in Dropbox. Simply:
mv logs ~/Dropbox
ln -s ~/Dropbox/logs/ logs
For the purposes of this HOWTO, we going to do the same for an additional file,
accounts.xml, because it contains all of your pertinent account information – service, user and password.
mv accounts.xml ~/Dropbox
ln -s ~/Dropbox/accounts.xml accounts.xml
On your Client desktop machine, make a Dropbox directory in your home folder and mount the Server’s Dropbox folder into it via SSHFS:
sshfs email@example.com:/home/mark/Dropbox ~/Dropbox
You now have full, complete access to Dropbox from your desktop via your laptop! Complete the connection to Pidgin on your desktop Client:
rm -r accounts.xml logs/
ls -s ~/Dropbox/accounts.xml accounts.xml/>
ln -s ~/Dropbox/logs/ logs
This solution is currently an absolutely perfect one for me; when I am working I have full access to what I need on demand; when I shut down my laptop and exit Pidgin no means to access my Dropbox/Pidgin logs remain on the desktop. At least not in a casual manner; a dedicated attack will find a means.
I am thinking that there are easier/alternative ways to serve up this level of protection:
Serve Dropbox entirely from a suitably-sized pen drive instead of a laptop? A now-defunct method for just this is listed on the Dropbox forums.
Local Dropbox installation with encrypted folder? Unwieldy? EncFS method. I’ve tried this myself on both Ubuntu and Arch, but I came away feeling that it was a less-than-solid solution: The contents on my Dropbox folder are locally secure, but can somebody else just delete the Dropbox folder, run Dropbox again as my user and access my files anyways?
Create a Truecrypt volume within Dropbox and put all my information into that. An overall increase in security, but I worry about losing my access key and therefore all my data. Wuala is another Cloud storage service that seem to offer local abuse protection and file encryption.