Securing/encrypting a remote server

To: debian-user@lists.debian.org
Subject: Securing/encrypting a remote server
From: Justin <eqisow@gmail.com>
Date: Thu, 6 Aug 2009 02:06:02 -0400
Message-id: <[🔎] b6c687af0908052306i2715b507x687aa1013767056b@mail.gmail.com>

I'm interested in encrypting/securing a server that I'm only going to have remote access to. Since somebody else will be setting it up the best I have been able to come up with is to have it setup with a normal LVM scheme, then add an encrypted tmp home and swap which I would mount/activate manually.

I toyed with unlocking the root fs via ssh with busybox/dropbear, but I could never get it to work right. Plus, as I understand it, luks uses the initial passphrase for encryption, so even if you revoke that key and create another one, it's still a rather huge security issue.

Does anybody else have any ideas? Do I need a /var/tmp as well or could I bind mount tmp to both?

And yes, I know all of the issues that come with a machine not being physically secured, but I figure I should do what I can anyway, eh?

Reply to:

Follow-Ups:
- Re: Securing/encrypting a remote server
  - From: Suno Ano <suno.ano@sunoano.org>

Prev by Date: Re: wi-fi security?
Next by Date: Re: Safe-upgrade of "dash" fails
Previous by thread: compiled kernel and NetXtreme II BCM5708 Gigabit Ethernet
Next by thread: Re: Securing/encrypting a remote server
Index(es):
- Date
- Thread