Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Technical

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 16th May 2008, 17:35
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
Default Full disc encryption - use keyfile on usb thumbdrive

As Ubuntu now offers full disc encryption upon installation there's just one thing that still eludes me and which I have not yet a accomplished.

Assume you want to remotely reboot your FDEed computer. Upon reboot you'll have to enter your password... problem is, you're not at your machine...

So, with luks you can also setup keys for unlocking devices. I have all my harddisks fully encrypted and except for the root drive "/" I did assign also a keyfile for the others (up to 10 passwords/keys per device I think).

So I changed /etc/crypttab to authenticate the other drives with the keyfile. Upon reboot I have to enter only the password for the root partition and the rest gets unlocked automatically as I have the keyfiles on the root partition.

so I wonder would it be possible to also put a keyfile onto a usb thumbdrive and use it to authenticate the root partition?

I've been thinking abuot this solution when you want to reboot from a remote location:
(1) copy the keyfile onto the usb pendrive that's attached to the computer
(2) reboot the computer
(3) it will unlock the root partition with the keyfile on the usb pendrive
(4) then add a little script that auto-deletes the keyfile on the usb pendrive (you don't want to have it permanently on there)

Would that be working? How could that be accomplished? Is that secure (or how to securely delete a file on a usb pendrive)?

What are other options to reboot a FDEed system from a remote location?
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
Reply With Quote
Sponsored Links
  #2  
Old 17th May 2008, 15:27
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

I haven't tried disk encryption yet, so I can't say much. Anyone else?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 17th May 2008, 16:06
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts
Default

there can't be anything you don't know about linux... that's just not possible!!!
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator
Reply With Quote
  #4  
Old 18th May 2008, 16:06
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

I'm afraid it is...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mandriva 2008.1 Spring squealing miodragz Installation/Configuration 6 17th May 2008 23:41
Slow connection to FC6 system post-LAMP install? cfspence Installation/Configuration 8 29th January 2008 19:09


All times are GMT +2. The time now is 01:40.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.