
Re: Securing/encrypting a remote server



[skipping a lot of lines ...]

 Justin> Does anybody else have any ideas? Do I need a /var/tmp as well
 Justin> or could I bind mount tmp to both?

The usual problem with full-disk encryption like for example
dm-crypt/luks[0] is that you need to unlock the container at boot. With
remote access that is somewhat complicated if you do not have means for
out of band management ... dropbear is imho a nice but not
enterprise-class solution for the problem.

Anyways, what you could use is filesystem-level encryption[1]. Since it
sits atop the actual filesystem, you log on like usual and only after
that do you need a key and/or pw to unlock the filesystem-level
encryption.

[0] http://sunoano.name/ws/public_xhtml/dm-crypt_luks.html
[1] http://sunoano.name/ws/public_xhtml/debian_security.html#filesystem-level_encryption
