On Fri, 2014-09-19 at 13:52 +0200, Jan Bredereke wrote: > As for the initial installation process, I suppose it cannot be > secured fully. You would have to transfer the crypto keys to the > clients without using the network, i.e., manually. As far as I have > seen, FAI does not provide mechanisms for this.
Please have a look at the list archives - this has been discussed several times over recent years. The bottom line is that a fully automatic transfer of secrets (eg passwords) over an uncontrolled network seems impossible. Imagine an attacker impersonating one of your clients, for example. FAI would perform an installation onto the attacker's hardware, which he can later analyze and learn the secrets. Other types of attacks can be thought of as subsets of this. However, users have come up with "nearly secure" solutions which can be used without physical access to the clients. One is setting up a key provider and logging all attempts to access it. Normally you know the times when installations occur, so you can later account for all key request attempts and map them to individual installations (successful or failed). In case of any suspicious entries in the logs, just repeat the installation with new keys. Of course, if you have physical access or can establish out-of-band communication with the client (such as plugging in a USB stick or CD), you can use these to provide any necessary secrets. Regards, Toomas Tamm