Old 04-14-2008   #1 (permalink)
Just Joined!
 
Join Date: Aug 2007
Posts: 3
Encrypted File System Boot

Hi all,

Hopefully someone can point me in the right direction on this.

I am trying to create an install of the OS which is installed on an encrypted disk that will mount automatically upon install without any user intervention. I have tried LUKS and pretty much regardless of what I do it is always asking for the password at boot time or needs an unencrypted volume from which to retrieve a key.

These are basically for servers which will be in a colo, so even though the cage is locked and I should not have anything to worry about, I want to make sure that the hard drive cannot be swiped and mounted in another Linux system. So far the only thing I have found to be close is LUKS, which requires that a key file or password be entered. If I have to reboot remotely I don't want to have to give this info out to anyone.

Any help at all that anyone can provide would be great and you would have my appreciation. Even if it is just a simple RTFM on a different piece of software.

~SA
synapseattack is offline   Reply With Quote
Old 04-14-2008   #2 (permalink)
Linux Enthusiast
 
Join Date: Apr 2004
Location: UK
Posts: 579
You are trying to implement two conflicting requirements. Specifically "Works completely automatically in my computer" and "Can't work otherwise". If the key is on the system to allow automatic mounting then the attacker can steal it, probably without realising, by stealing the HDD. If the key isn't there then it will have to ask for it.

On the other hand, you may not need to encrypt the entire system. I'd approach this by making sure the system can boot to at least a minimally operational state by itself, then ssh in and set up the encrypted partition providing the password remotely. Then you can kick off the remainder of the boot process.

If you are feeling ultra paranoid then there are a few ways this could go wrong, but it seems like a reasonable start.

Let us know how you get on,

Chris...
__________________
DRM keeps an honest user loyal
kakariko81280 is offline   Reply With Quote
Old 04-16-2008   #3 (permalink)
Just Joined!
 
Join Date: Aug 2007
Posts: 3
In that case let's try another way.

Is it possible to get LUKS to look for a key file with a URL?

I suppose I could do a startup script that downloads the file and mounts the encrypted file, but if there is a built-in or already tested and tried way to do it, all the better.
synapseattack is offline   Reply With Quote
Old 04-26-2008   #4 (permalink)
Linux Enthusiast
 
Join Date: Apr 2004
Location: UK
Posts: 579
I don't think there is a native way to get cryptsetup to download keys from the Internet.

Although you could script such a task, it leaves you with the options of posting your private key publicly, or password protecting it and storing that password in the clear on the drive you are trying to protect.

I personally think both of these options are less secure than ssh-ing into a partially booted system to mount the encrypted volumes manually.

Let us know how you get on,

Chris...
__________________
DRM keeps an honest user loyal
kakariko81280 is offline   Reply With Quote
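
The approach recommended in replies #2 and #4 (boot to a minimal state, then SSH in and unlock the volume), as an added example that is not part of the original thread. The `root` login, the device `/dev/sdb1`, the mapping name `securedata` and the mount point `/srv/data` are assumptions; the script relies on `cryptsetup luksOpen` reading the passphrase from standard input when that is not a terminal.

```shell
#!/bin/sh
# Operator-side unlock of a LUKS data volume on a server that booted to a
# minimal state from an unencrypted root. The passphrase is typed locally and
# travels only inside the SSH session; no key material is stored on the server.
# Assumptions (not from the thread): root SSH login, /dev/sdb1, "securedata".

# Absolute path built from a conservative character set, with no ".." parts.
safe_path() {
    case "$1" in /*) ;; *) return 1 ;; esac
    case "$1" in *[!A-Za-z0-9/_.-]*|*..*) return 1 ;; esac
    return 0
}

# Device-mapper name: letters, digits, "_" and "-" only.
safe_name() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    return 0
}

# Print the command line to run on the server, or fail if any argument could
# be interpreted by the remote shell. cryptsetup reads the passphrase from
# stdin when stdin is not a terminal, so it never appears in argv or history.
remote_cmd() {
    dev=$1; name=$2; mnt=$3
    case "$dev" in /dev/*) ;; *) return 1 ;; esac
    safe_path "$dev" && safe_name "$name" && safe_path "$mnt" || return 1
    printf 'cryptsetup luksOpen %s %s && mount /dev/mapper/%s %s\n' \
        "$dev" "$name" "$name" "$mnt"
}

# Prompt without echo, then pipe the passphrase to cryptsetup over SSH.
unlock() {
    host=$1
    cmd=$(remote_cmd "$2" "$3" "$4") || { echo "unsafe argument" >&2; return 2; }
    printf 'LUKS passphrase for %s on %s: ' "$2" "$host" >&2
    trap 'stty echo' INT TERM
    stty -echo; IFS= read -r pass; stty echo
    trap - INT TERM; echo >&2
    printf '%s\n' "$pass" | ssh "root@$host" "$cmd"
    rc=$?; unset pass
    return "$rc"
}

if [ "$#" -eq 4 ]; then
    unlock "$@"
else
    echo "usage: $0 HOST DEVICE MAPPING MOUNTPOINT" >&2
fi
```

Services that depend on the volume are started only after this returns successfully, which corresponds to kicking off the remainder of the boot process in reply #2.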