Chicken and egg, encrypted root FS on remote server
Paul Schenkeveld
freebsd at psconsult.nl
Wed Feb 20 11:13:46 UTC 2013
On Wed, Feb 20, 2013 at 09:47:36AM +0100, Damien Fleuriot wrote:
>
> On 20 Feb 2013, at 08:46, Paul Schenkeveld <freebsd at psconsult.nl> wrote:
>
> > On Wed, Feb 20, 2013 at 02:42:57AM -0500, Jason Hellenthal wrote:
> >> Just a thought with no working example but…
> >>
> >> bootp / tftp - from a remote secured management frame to TX a key filesytem to unlock your rootfs.
> >>
> >> Could be something as simple as a remote wireless adhoc server with a 64GB thumbdrive to hold your data or just enough to tell the system where to get it.
> >>
> >> Considering a key can be any length string of a sort just to say but... Serve the rootfs key directly from a TXT out of a secured DNS zone only visible to so said machines.
> >
> > Thank you but manual entry of the passprase is a prerequisite here so
> > serving the key automatically is not an option.
> >
> > With kind regards,
> >
> > Paul Schenkeveld
> >
>
> What about getting a remote console like HP's ILO or Dell's DRAC ?
>
> You get to login remotely, you can use some degree of access control... you can even remote boot.
For new hardware I could indeed use this, the current hardware does not
support remote console.
I don't have experience with ILO nor DRAC but I do have experience with
SuperMicro's KVM over LAN which does need a java client to run. If I can
enter the passphrase over ssh that would be better as I can use any device
including a smartphone to dial in and enter the passphrase.
Thanks!
More information about the freebsd-hackers
mailing list