[arch-general] Encrypting remote system
Magnus Therning
magnus at therning.org
Sun Nov 1 15:19:46 EST 2009
On 01/11/09 15:06, Karol Babioch wrote:
> Hi,
>
> I'm wondering whether there is a possibility to encrypt a remote system
> using Arch Linux? I have installed Arch on a remote server, and don't
> like the idea that anyone with physical access to my system has access
> to my data. So is there something I can do about it?
>
> Using dm-crypt (with luks) doesn't work at all, as I can't input the
> passphrase when I reboot my system, the technician would really hate me
> if I ask them to attach a remote console each time I reboot my system.
>
> So is there anything I can do?
AFAICS there is *nothing* you can do against someone with physical access.
Encrypting the disk will only protect it while it's at rest, as soon as you've
booted the system you're back to the situation where you have to trust the
physical hardware, network, etc.
I assume you're talking about encrypting the *entire system* (as opposed to
just your home directory, since that would be obviously without any effect at
all). Given that, out of curiosity, how do you plan on getting the password
to the remote system at boot time?
/M
--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org Jabber: magnus@therning.org
http://therning.org/magnus identi.ca|twitter: magthe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20091101/0582b9e1/attachment.bin>
More information about the arch-general
mailing list