
Re: USB key requirement.



On Mon, 10 Jan 2011 13:45:29 +0000
Darac Marjal <mailinglist@darac.org.uk> wrote:

> On Sun, Jan 09, 2011 at 09:42:03PM -0800, Dan Serban wrote:
> > So, I'm currently switching my 9 workstations around the house to
> > diskless boot.  They mount NFS shares that reside on top of an
> > encrypted raid server.  This is all fine and good.
> > 
> > What I'd like to do:
> > 
> > On a specific workstation, on boot, I'd like to require that a
> > specific USB memory stick be inserted in the system, i.e. one that
> > contains a key which will allow the boot process to continue.
> > 
> > Can this be done?  If so, what should I use to make it less than
> > easy to decipher?
> > 
> > Maybe a GPG encoded text file that matches against a plain text one?
> > (that's insecure)...
> > 
> > I don't know.  Do any of you have any suggestions?
> 
> If the requirement can be relaxed to be some other sort of USB device,
> you could look at something like this:
> http://www.etokenonlinux.org/et/HowTos/eToken_and_LUKS
> 
> The eToken is basically a smartcard that plugs into USB.

I still don't really understand the difference apart from it containing
a key that I match against.  Which is in essence what I was asking to
do with a USB block device which looks much cheaper than the eToken.

> 
> If it has to be a USB Mass Storage device, try this:
> http://binblog.info/2008/12/04/using-a-usb-key-for-the-luks-passphrase/
> 

This I've already done with my server: the USB key is inserted into the
server to allow it to boot (with the key).  What I was asking for was a
method to halt a diskless boot (or one with a disk) if a specific USB
key wasn't available.  So my thoughts went to Vendor ID, serial number,
and also a key to compare against on the root filesystem.

My case is different in the sense that I'm not decrypting my block
volumes, just halting a boot sequence.

> Remember, Google is your friend.
> 

My Google-fu is weak.  All I run into is stuff like you've suggested so
far, and how to install Debian via a USB key.  Nothing like what I want.
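
The check described in the message above (vendor ID, serial number, and a key compared against a record on the root filesystem), as an added example that is not part of the original thread. ID_VENDOR_ID and ID_SERIAL_SHORT are udev property names; the enrolled-record format, the function names and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are files so the logic runs offline:
#   $1 props    - text of `udevadm info --query=property --name=<device>`
#   $2 keyfile  - key file read from the mounted stick
#   $3 enrolled - reference record on the root filesystem (format assumed here)

prop() {  # prop NAME FILE: print the value of the first NAME=value line
    sed -n "s/^$1=//p" "$2" | head -n 1
}

key_digest() {  # hex SHA-256 of a file
    sha256sum "$1" | cut -d' ' -f1
}

enroll_token() {  # record the stick's identifiers and key digest
    {
        echo "vendor=$(prop ID_VENDOR_ID "$1")"
        echo "serial=$(prop ID_SERIAL_SHORT "$1")"
        echo "sha256=$(key_digest "$2")"
    } > "$3"
}

check_token() {  # 0 only if vendor, serial and key digest all match
    [ -r "$1" ] && [ -r "$2" ] && [ -r "$3" ] || return 1
    for pair in ID_VENDOR_ID:vendor ID_SERIAL_SHORT:serial; do
        seen=$(prop "${pair%%:*}" "$1")
        want=$(prop "${pair##*:}" "$3")
        # An empty value on either side is a failure, never a match.
        [ -n "$seen" ] && [ "$seen" = "$want" ] || return 1
    done
    [ "$(key_digest "$2")" = "$(prop sha256 "$3")" ]
}

make_sample() {  # constructed sample inputs written into directory $1
    printf 'ID_VENDOR_ID=abcd\nID_MODEL_ID=1234\nID_SERIAL_SHORT=CONSTRUCTED0001\n' > "$1/props"
    printf 'constructed sample key material\n' > "$1/keyfile"
}

demo() {  # enroll the constructed stick, then run the boot-time check on it
    d=$(mktemp -d) && make_sample "$d" && enroll_token "$d/props" "$d/keyfile" "$d/enrolled"
    if check_token "$d/props" "$d/keyfile" "$d/enrolled"; then echo "token ok: continue boot"
    else echo "token missing or wrong: stop boot"; fi
    rm -rf "$d"
}
demo
```

Vendor ID and serial number are values the device reports about itself, so only the key digest depends on content that has to be kept secret, and a byte-for-byte copy of the stick's key file passes that check too.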
