
Re: USB key requirement.




--- On Tue, 1/11/11, Dan Serban <dserban@lodgingcompany.com> wrote:


> 
> I figured that after the root partition is mounted (nfs), I would have
> an init.d script that would work its magic.. if it's there, allow the
> continuation of the boot sequence (load gdm and other non-essential
> services).  All I would require is to match against an encrypted key
> without user intervention.

In fact, if using PXE you don't really pay attention to security - I'm wondering what good the USB key is in this case.

I would put a customized initrd file on the USB and boot from there.

> 
> > Q: Do you have a keyboard and is it desirable to use it on boot time?
> > Or you want just to plugin and if the right usb is inside the boot
> > will go on. you can do this after the system has already booted and
> > you can access the usb from the diskless station.
> 
> Second option, no keyboard interaction is required in my mind.  If you
> miss having the usb stick inserted, then to move forward, hit the reset
> button.

In your mind or in the specific case?


> > Q: have you heard of security dongles
> > "http://www.naturela-bg.com/index.php?categ=&page=itm&lang=en&id=45&pid=&p=";
> > 
> 
> I have heard of them, but I don't personally understand the actual
> difference of a specialized key, versus a usb block device with an
> encryption file on it.

Well, this is exactly what you are trying to do - the one link I posted was the first that popped up in Google and supports Linux.

This is not a USB stick but a piece of hardware you plug into the USB slot. You can do much more (programs can be banned from starting, etc.).

Anyway, over PXE (TFTP) everything is open and security is pretty weak - I don't think a USB stick is really necessary to secure something. What happens if the user plugs in, instead of your USB stick, a normal live USB (Ubuntu, for example)? It will boot, the NFS shares can be mounted (because you authenticate on system level) and the sense of some security is gone.

With PXE boot you have to use other security methods I think. 

regards




