Chicken and egg, encrypted root FS on remote server
Damien Fleuriot
ml at my.gd
Wed Feb 20 08:55:33 UTC 2013
On 20 Feb 2013, at 08:46, Paul Schenkeveld <freebsd at psconsult.nl> wrote:
> On Wed, Feb 20, 2013 at 02:42:57AM -0500, Jason Hellenthal wrote:
>> Just a thought with no working example but…
>>
>> bootp / tftp - from a remote secured management frame to TX a key filesytem to unlock your rootfs.
>>
>> Could be something as simple as a remote wireless adhoc server with a 64GB thumbdrive to hold your data or just enough to tell the system where to get it.
>>
>> Considering a key can be any length string of a sort just to say but... Serve the rootfs key directly from a TXT out of a secured DNS zone only visible to so said machines.
>
> Thank you but manual entry of the passprase is a prerequisite here so
> serving the key automatically is not an option.
>
> With kind regards,
>
> Paul Schenkeveld
>
What about getting a remote console like HP's ILO or Dell's DRAC ?
You get to login remotely, you can use some degree of access control... you can even remote boot.
More information about the freebsd-hackers
mailing list