Hi there – I’m wondering if it’s possible for
rclone to be run on an untrusted machine, so that it syncs through an
rclone instance on a trusted remote machine which has the actual credentials for the backend.
In other words, I’d like to rclone files from family members’ computers to a cloud location, but without the cloud credentials leaving my machine. My machine runs rclone and has a link to the cloud, and the first rclone instance(s) will use the second one as a sort of proxy.
Here’s a simple diagram:
[rclone sync w/o cloud credentials] --> [remote rclone has cloud credentials] --> [cloud]
I know rclone supports HTTP_PROXY but I’m not sure if that is what I am looking for?
Thanks for any tips!
In rclone.config is all data of your account, but you can add a password if you can’t somebody open all your accounts.
I can’t put the credentials on the computer from which the files are originating, though, because it is untrusted. A password won’t do because I won’t always be there to enter it for them…
If you add a password to the config, it encrypts the config so no one can see it.
But then don’t I have to be there to enter the password? I can’t be there to do that. And I can’t store the password on their device, because then they can just decrypt the config and get the credentials.
You’d have to drop the config on the machine which can be encrypted so no one can see it.
How would they decrypt the config without the password?
They can’t, that’s the point.
Maybe I am misunderstanding something, but: either I would have to enter the password for them, or the password would have to be stored on their machine, which means they could just access the password to decrypt the config whenever they want. I can’t encrypt the password because the buck has to stop somewhere, so to speak. And I can’t hash it because the password has to be in its plaintext form to decrypt the config.
Even if it was possible to not store the password on that device, the credentials would be exposed in their computer’s memory while rclone is running, and possibly after it finishes, leaving it vulnerable to a memory dump.
The point is, I need to run rclone --> rclone --> backend, where only the middle (remote) rclone instance has cloud credentials.
Can that be done? And if not, I will be happy to try to submit a PR to make this posssible, with a little guidance.
I think you need a better family if you don’t trust them
I see your flow, but at that point, what authenticates rlcone->rclone? Why stops them from dumping that authentication mechanism as well?
Ha, well, of course I trust their character, but not necessarily their competency. I don’t know who else may be using or have access to their computers.
I have that part figured out. I just need rclone to run on the untrusted machine without credentials to a trusted machine with credentials.
I’m guessing by now that there is no way to do this currently?
I don’t know who here on these forums is a maintainer of rclone, but I’d be willing to implement this, I just need a little guidance. @ncw is the only one I know of
Ah! It seems I may have made this harder than needed. Rather than rclone pushing out from the untrusted computer to some remote machine, I can have the untrusted machine run
rclone serve http and then have the trusted remote use that as an HTTP source. https://rclone.org/http/
My thinking just had to be turned around. I think this will work.
Sorry I missed this thread! I have replied with some thoughts on the issue.