Re: Creating a encrypted directory during the server installation
On 24/09/08 01:43, Dustin Kirkland wrote:
> That said, let me throw out another perhaps more controversial
> option... What if we didn't ask, and we just provided ~/Private
> encrypted by default? If unspecified, the mount passphrase is
> randomly generated from 128 bits of /dev/urandom. We can do that
> completely entirely and reliably without adding a screen to the
> installer, and provide the system administrator user a secure,
> encrypted location to drop critical data by default on any Ubuntu
> Server

When I saw the previous posts come past I wondered if this wasn't a better option. Leading by example.

I'm not familiar with how it's created, but could it be "built-in" as you suggest and be created when an account is made as part of the adduser process?

Could the (initial) pass-phrase be the user's login password?

--
Onno Benschop

Connected via Optus B3 at S31°54'06" - E115°50'39" (Yokine, WA)
-- ()/)/)()..ASCII for Onno..
|>>?..EBCDIC for Onno..
--- -. -. --- ..Morse for Onno..

ITmaze - ABN: 56 178 057 063 - ph: 04 1219 - [EMAIL PROTECTED]

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
Re: Creating a encrypted directory during the server installation
On Tue, 23 Sep 2008 10:40:56 +0800 James Troup <[EMAIL PROTECTED]> wrote:
> The encrypted directory feature is great stuff but I really don't
> think it's worth adding as a question to all server installs for it;
> at least not in the default mode.

I don't see a big use of it in the server area, but, to be honest, I was more puzzled (during alpha 6 install) over the new locale chooser and the 'How do you want to manage upgrades' question. The crypted one was straightforward.
Re: Creating a encrypted directory during the server installation
Just my opinion, but I think the secured Private directory is a good idea and having the question in the installer doesn't add excessive "clutter", "complexity", or other "c" words to the installation process. :-)

I keep config files, code, etc in a VCS and will move the information into the ~/Private directory, giving it one more layer of security.

So I vote to keep the question in the installer... it's easy enough to say no and move on.

--
Party On,
Adam
Re: Creating a encrypted directory during the server installation
I feel compelled to mention one other thing...

Often, LVM encryption is *not* an option for servers where unattended booting is absolutely required, as LVM encryption requires a passphrase on startup. With an encrypted ~/Private, no passphrase is required on boot, but rather it's mounted/unmounted on login/logout.

That said, let me throw out another perhaps more controversial option... What if we didn't ask, and we just provided ~/Private encrypted by default? If unspecified, the mount passphrase is randomly generated from 128 bits of /dev/urandom. We can do that completely entirely and reliably without adding a screen to the installer, and provide the system administrator user a secure, encrypted location to drop critical data by default on any Ubuntu Server.

The one challenge, however, is that we'd need to communicate to the user their randomly generated passphrase, which they would need if they needed to take extreme measures at some point to recover their data.

:-Dustin
Re: Creating a encrypted directory during the server installation
On Monday 22 September 2008 21:40:56 James Troup wrote:
> Rick Clark <[EMAIL PROTECTED]> writes:
> > While I think we need to take a very close look at installer
> > usability in the future, I think that adding this question makes
> > little difference. It is easy to preseed it and avoid all
> > questions.
>
> Err, what?
>
> a) if we take that attitude to each new potential question, then we'll
>    soon lose sight of the 'minimal questions during install' goal
>    that was (is?) an original feature/target of Ubuntu

My point was that this one question makes little difference to me personally. We are planning on looking at the installer for Jaunty, and adding this for this release, to help make a feature visible seems worth it. I am far more concerned about the tasksel list growing and the annoying keyboard detection.

Minimal questions during install has not, as long as I have been around, been an expressed goal of the server edition. I do agree, however, that it is a good thing to make the install as simple and streamlined as possible. I just don't believe asking this one question has a huge effect.

> b) preseed is great, but I think calling it 'easy' is, well,
>    optimistic

That entirely depends on who you are talking about. I found it to be relatively straightforward.

> The encrypted directory feature is great stuff but I really don't
> think it's worth adding as a question to all server installs for it;
> at least not in the default mode.
>
> --
> James
Re: Creating a encrypted directory during the server installation
Rick Clark <[EMAIL PROTECTED]> writes:
> While I think we need to take a very close look at installer
> usability in the future, I think that adding this question makes
> little difference. It is easy to preseed it and avoid all
> questions.

Err, what?

a) if we take that attitude to each new potential question, then we'll soon lose sight of the 'minimal questions during install' goal that was (is?) an original feature/target of Ubuntu

b) preseed is great, but I think calling it 'easy' is, well, optimistic

The encrypted directory feature is great stuff but I really don't think it's worth adding as a question to all server installs for it; at least not in the default mode.

--
James