Re: encrypted filesystem that can be mounted remotely?
On Tue, Jul 11, 2006 at 05:00:56PM -0000, Anonymous wrote:
> I'd like to keep some of the data on my computer's hard drive
> encrypted, but not necessarily all of it. But I also need to be able
> to reboot the computer remotely and log into by SSH without the
> encrypted FS mounted, then mount the encrypted partition in the SSH
> session (from a trusted machine, of course) presumably by giving a
> sort of mount command and entering the passphrase.
>
> I've never used an encrypted FS before. Is what I want possible? What
> encrypted FS supports this?
>
apt-get install crytsetup
man 8 cryptsetup...
The only customization you will need is to remove the link to
/etc/init.d/cryptdisks from your start runlevel so that the system
doesn't stop and request a password during the boot process...
When your system has finished booting, log in and run
/etc/init.d/cryptdisks
enter the password, and finally mount the encrypted filesystem.
In my opinion it would be better if cryptdisks actually did the
mounting (as I believe /etc/init.d/boot.crypto does on SuSE).
It seems in Debian there is an assumption that someone will be
on hand to enter a password at boot time, so that the normal
fstab 'mount -a' can be used to mount it.
For me it makes sense to delay the mount, not just to avoid preventing
a successful unatended reboot, but because if data is sensitive enough
to store on an encrypted filesystem, it should only be mounted when
needed...
Regards,
DigbyT
--
Digby R. S. Tarvin digbyt(at)digbyt.com
http://www.digbyt.com
Reply to: