Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

disk encryption #18

Open
jacksingleton opened this issue Nov 4, 2015 · 0 comments
Open

disk encryption #18

jacksingleton opened this issue Nov 4, 2015 · 0 comments
Assignees
@jacksingleton

Comments

@jacksingleton
Copy link
Collaborator

There's a neat trick people do where they embed dropbear (a small ssh server) into the ramdisk, which allows you to ssh and enter the luks password while booting the server to achieve full disk encryption on a headless machine.

https://kiza.eu/journal/entry/697

Unfortunately it looks like systemd caused problems with this setup. though there might be a workaround: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618862#158 (the tutorial here is for Jessie, what do they do? https://xn3.wiki/debian/deb_kimsufi_atom_srv_luks)

A less involved option would be to set up a luks encrypted volume just to store sandstorm data on (and maybe encrypted swap as well). Not as good as FDE, but it's still something.
@jacksingleton jacksingleton self-assigned this Feb 19, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jacksingleton jacksingleton

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jacksingleton