Encrypt Your Linux Server Filesystem with eCryptfs

Encryption has become a highly requested feature on the web lately with all of the talk of government spying, heartbleed and general security concerns. While most discussion has centered around encrypting the transport of data (via SSL), you might also want your data encrypted on disk as well. On a Linux-based server, you can encrypt your filesystem using eCryptfs.

eCryptfs is itself an actual file system with cryptographic metadata of each file, allowing for copying between hosts. It is also relatively easy to use and is even used for some desktop operating systems such as Ubuntu and Google ChromeOS.

eCryptfs is available for installation on most major Linux distributions. It is free and open source and can be applied to a home directory, partition or other distinct filesystem entity.

On Red Hat Enterprise Linux and CentOS, run:

# yum install ecryptfs-utils

On Debian and Ubuntu run:

# apt-get install ecryptfs-utils

The benefits of eCryptfs are clear, but there is one possible drawback. If for some reason, you lose your password and are unable to access your files through the traditional method of logging in, it might be impossible to gain access. A user without proper credentials cannot unencrypt your filesystem.

For more information about eCryptfs, see the online documentation.