[arch-general] Encrypting remote system
Hi,

I'm wondering whether there is a possibility to encrypt a remote system using Arch Linux? I have installed Arch on a remote server, and don't like the idea that anyone with physical access to my system has access to my data. So is there something I can do about it?

Using dm-crypt (with luks) doesn't work at all, as I can't input the passphrase when I reboot my system, the technician would really hate me if I ask them to attach a remote console each time I reboot my system.

So is there anything I can do?

--
Best regards,
Karol Babioch <karol@babioch.de>
Karol Babioch wrote:
> Using dm-crypt (with luks) doesn't work at all, as I can't input the passphrase when I reboot my system, the technician would really hate me if I ask them to attach a remote console each time I reboot my system.
You can install a base system and put VMs onto encrypted drives. Then you can ssh there and unlock/boot the VMs.

--
Florian Pritz -- {flo,bluewind}@server-speed.net
On 01/11/09 15:06, Karol Babioch wrote:
> Hi,
>
> I'm wondering whether there is a possibility to encrypt a remote system using Arch Linux? I have installed Arch on a remote server, and don't like the idea that anyone with physical access to my system has access to my data. So is there something I can do about it?
>
> Using dm-crypt (with luks) doesn't work at all, as I can't input the passphrase when I reboot my system, the technician would really hate me if I ask them to attach a remote console each time I reboot my system.
>
> So is there anything I can do?
AFAICS there is *nothing* you can do against someone with physical access. Encrypting the disk will only protect it while it's at rest, as soon as you've booted the system you're back to the situation where you have to trust the physical hardware, network, etc.

I assume you're talking about encrypting the *entire system* (as opposed to just your home directory, since that would be obviously without any effect at all). Given that, out of curiosity, how do you plan on getting the password to the remote system at boot time?

/M

--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org Jabber: magnus@therning.org
http://therning.org/magnus identi.ca|twitter: magthe
On Sun, 2009-11-01 at 20:19 +0000, Magnus Therning wrote:
> how do you plan on getting the password to the remote system at boot time?
That was the thing I wanted to know from you ;). However the idea with the virtual machine(s) isn't that bad at all, I will look into it when I have some spare time.

--
Best regards,
Karol Babioch <karol@babioch.de>
On Sun, 01 Nov 2009 20:19:46 +0000 Magnus Therning <magnus@therning.org> wrote:
> On 01/11/09 15:06, Karol Babioch wrote:
>> Hi,
>>
>> I'm wondering whether there is a possibility to encrypt a remote system using Arch Linux? I have installed Arch on a remote server, and don't like the idea that anyone with physical access to my system has access to my data. So is there something I can do about it?
>>
>> Using dm-crypt (with luks) doesn't work at all, as I can't input the passphrase when I reboot my system, the technician would really hate me if I ask them to attach a remote console each time I reboot my system.
>>
>> So is there anything I can do?
>
> AFAICS there is *nothing* you can do against someone with physical access. Encrypting the disk will only protect it while it's at rest, as soon as you've booted the system you're back to the situation where you have to trust the physical hardware, network, etc.
>
> I assume you're talking about encrypting the *entire system* (as opposed to just your home directory, since that would be obviously without any effect at all). Given that, out of curiosity, how do you plan on getting the password to the remote system at boot time?
>
> /M
1) if your server supports it, you could use IPMI serial-over-lan
2) you can encrypt your / or /home, there are ways to have the early userspace start an ssh daemon so you can connect it.
3) if you're really paranoid: somebody could overwrite your bios/bootloader/early userspace and sniff your password when you enter it (remotely).
4) and then there is what Magnus said.

(IIRC ipmi SOL is plaintext)

Dieter
Karol Babioch wrote:
> Hi,
>
> I'm wondering whether there is a possibility to encrypt a remote system using Arch Linux? I have installed Arch on a remote server, and don't like the idea that anyone with physical access to my system has access to my data. So is there something I can do about it?
>
> Using dm-crypt (with luks) doesn't work at all, as I can't input the passphrase when I reboot my system, the technician would really hate me if I ask them to attach a remote console each time I reboot my system.
>
> So is there anything I can do?
I thought about this topic and concluded that security will be the same as without encryption:

What is encryption good for? It protects against someone with physical access being able to decrypt your data. Once the machine is running, you'd have to circumvent the usual access control, whether the system is encrypted or not. This security relies on two things:

1) The passphrase ensures that only authorized people can access the data on the drive.
2) Somehow, you need to ensure that you only give the passphrase to the machine it belongs to.

The first point would be rather easy, even with a remote system. But the second is the problem. On your desktop or laptop, you verify 2) by looking at it and saying "Yes, this is definitely my machine, so I can give it the passphrase". For a remote machine, you have to rely on cryptography. The security of cryptography is based on the remote machine having a private secret (like a private key to a certificate or an SSH private host key).

Now, as we said, encrypting the hard drive is for protecting against people getting physical access to your hard drive. So if someone has physical access to the machine, he/she can easily grab that private secret and perform an effective man-in-the-middle attack and sniff your passphrase - or even better, install a modified cryptsetup binary and make it save the raw encryption key in some place. In other words: You'd have to trust the unencrypted portion of your system to do what you expect it to do - which you can't.

That said, such an attack is also easily possible on your desktop or laptop. If someone would steal the laptop, modify your kernel or initramfs and then give it back to you, he/she could have done anything to it to sniff the passphrase as you enter it. In case you cannot ensure that the laptop has not been tampered with, you'd have to re-create your bootloader, kernel and initramfs from a trusted source before using it again (also impossible for a remote machine).

However, one bit of added security is possible for a remote machine: If someone steals the hard drive without getting to your passphrase first, he/she would not be able to obtain any data. But someone who would simply steal it wouldn't be interested in your data anyway. Everyone who is interested can (as seen above) easily get it.

My conclusion: You should rather concentrate on securing against remote attacks via the network, which are more likely than physical attacks, and you can actually protect yourself effectively against those.
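Added example (not part of the original messages): point 2) above, checked in code for the case where an early-userspace SSH daemon accepts the passphrase. The passphrase is released only if the host key offered at boot matches a fingerprint recorded at install time. The key bytes, comments and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def ed25519_pubkey_line(raw_key: bytes, comment: str) -> str:
    """Build an OpenSSH public-key line from a 32-byte Ed25519 public key."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint in the format OpenSSH prints (unpadded base64)."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def may_send_passphrase(offered_line: str, pinned_fp: str) -> bool:
    """Release the passphrase only if the offered host key matches the pin."""
    try:
        offered_fp = fingerprint(offered_line)
    except ValueError:  # malformed key line or invalid base64
        return False
    return hmac.compare_digest(offered_fp, pinned_fp)


# Constructed sample keys (not real hosts).
BOOT_KEY = ed25519_pubkey_line(bytes(range(32)), "initramfs@server")
OTHER_KEY = ed25519_pubkey_line(bytes(range(1, 33)), "someone-else")
PINNED = fingerprint(BOOT_KEY)  # recorded once, at install time

if __name__ == "__main__":
    print(PINNED)
    print("own key:      ", may_send_passphrase(BOOT_KEY, PINNED))
    print("different key:", may_send_passphrase(OTHER_KEY, PINNED))
    print("malformed:    ", may_send_passphrase("garbage", PINNED))
```

The pin rejects a machine that presents a different key, but a machine presenting the same key still passes, which is the limit the message describes: the private host key sits in the unencrypted boot portion, so the check is only as trustworthy as that portion.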
participants (5)
- Dieter Plaetinck
- Florian Pritz
- Karol Babioch
- Magnus Therning
- Thomas Bächler