Erez D wrote:

so i thought of a solution - use a crypto FS.
but there are many problems with it.
the practical problems are at least:
1. i do not know of a major linux distribution (i.e. redhat/ubuntu etc... ) that fully supports crypto-fs out of the box, so if i use it, i will need to do manual changes every time i upgrade the system.

Debian does. The installer even offers to install it for you.

2. it is not really secured if the key is stored on disk. however if the key is not stored on disk, then the computer can not access the data without human intervention, which is not good either when it comes to servers.

What I do is to not encrypt everything (which is a good idea anyways). The root file system and all of the service directories are not encrypted, and only the data is. I also tweak the Debian startup sequence to not ask me for the encryption password during boot. This way, the system boots without a password (but does not contain any data), and I use a small script to perform the actual crypted file system mount later (by which time I can log into the machine from ssh).

Hope this helps.
Shachar
