Persistent volume on sshfs
As of now, Tails can mount a directory from a hidden (onion) SSH server out of the box. This just works as the non-root ‘amnesia’ user. Thanks very much for that, guys.
So it would be natural to consider using sshfs as backing store for the persistent volume file.
Currently the persistent volume is just a LUKS partition, which can be a problem in some scenarios. Suppose a Tails user visits an oppressive state and their place of stay gets raided by the secret police. Then the user will have to answer a lot of hard questions about the LUKS partition. In the worst case, rubber-hose cryptanalysis will be used and the Tails user will have a really hard time not disclosing the volume password. If the persistent volume gets hosted in a free country instead, there will be no evidence of it available to the adversary (at least from the Tails USB stick) and the Tails user will have a better chance to maintain they have no hidden data of any sort.
It is already possible to mount an sshfs-based LUKS volume manually after just one system change: uncomment user_allow_other in /etc/fuse.conf so the root user can access the LUKS volume file over sshfs for device-mapper purposes. The rest is straightforward:
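# Mount the remote directory as the unprivileged user; -o allow_other (permitted by
# user_allow_other in /etc/fuse.conf) is what lets root read the FUSE mount.
$ sshfs -o allow_other user@xyz.onion:disks /mnt/disks
# Open the LUKS container file stored on the sshfs mount.
$ sudo cryptsetup luksOpen /mnt/disks/luksdisk sshdisk
# Mount the decrypted mapping.
$ sudo mount /dev/mapper/sshdisk /mnt/persistent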
So it looks like the tricky part is going to be the integration of the procedure into Tails.
Thank you guys for considering this idea.
Related issues
- Related to #11681 (closed)
Original created by @databug on 15938 (Redmine)