Old 02-15-2005, 09:56 AM   #1
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Encrypted file systems


Hello

I have a server in colocation. Every evening a number of businesses back up their work onto my server. The server is physically secure; however, I'm currently interested in making the partitions encrypted (the partition on which their data is stored -- e.g. /home).

Firstly, how does encryption work on a file system? That is, if someone steals my computer, I understand that they cannot access the data in /home without a password/passphrase. Does this passphrase have to be entered at boot up, or when the user logs into /home?

Because the server is in colocation, I cannot type in a passphrase when the system boots up, unless I can add it to lilo.conf somehow.

Secondly, all of the backups are automatic and specifically do not require user input. Thus, the encryption passphrase cannot be entered by the user when they log on.

My questions:
- if I'm right in thinking that a password/passphrase is entered at some point in bootup, how can I do this?
- can I just use a standard ext3 filesystem and then apply encryption to it? I read about this:

Code:
mount -t ext3 /dev/sda1 /mnt/crypto/ -oencryption=aes-256
- my disks are in RAID 1, will this matter?
- can anyone suggest a way of doing this? And direct me to a how to?

thank you very much
Hamish
 
Old 02-15-2005, 12:26 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,506

Encrypted file systems are independent of RAID. It's just a file system, like any other. The passphrase is needed at the time the system is mounted. Providing it from a script, though possible, makes no sense: anyone with the computer could then get the passphrase from the script and decrypt the partition. Also, if the box is remotely compromised while running, the mounted system will be just as accessible as one without encryption.
 
Old 02-15-2005, 12:41 PM   #3
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Original Poster
hey
Quote:
Also, if the box is remotely compromised while running, the mounted system will be just as accessible as one without encryption.
But presumably this is always the case with encryption?

What I was considering was not encrypting root or boot partitions, just the home partitions. Thus, I can boot the computer up without the need for a password, and then manually remount the home partitions.

Would that work ok?

Also, I've read quite a bit about /dev/loop0 and the encrypted partition (say, /dev/sda1) stuff on this webpage http://www.linux.com/howtos/Cryptolo...ce-setup.shtml

I'm not quite sure I understand the difference between /dev/loop0 and /dev/sda1 . Can anyone shed some light on this?

Thanks
hamish

Last edited by hamish; 02-15-2005 at 12:49 PM.
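The trade-off raised in posts #2 and #3 (a key kept on the machine versus a passphrase typed after an unattended boot), as an added example that is not part of the original thread: a small audit that classifies each encrypted volume by where its key comes from. It assumes a dm-crypt setup described in /etc/crypttab with an unencrypted root partition, which the thread does not mention; the sample entries, device names and key path are constructed.

```shell
#!/bin/sh
# Constructed sample in crypttab layout: <name> <device> <key> <options>.
# The md devices stand in for RAID 1 arrays; all names and paths are made up.
SAMPLE_CRYPTTAB='# name  device    key               options
home    /dev/md1  none              luks,noauto
backup  /dev/md2  /root/backup.key  luks
swap    /dev/md3  /dev/urandom      swap
data    /dev/md4  none              luks'

# audit_crypttab: read crypttab text on stdin, print one finding per volume.
audit_crypttab() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        name = $1
        key  = ($3 == "" ? "none" : $3)    # a missing key field means "prompt"
        opts = "," $4 ","
        if (key == "/dev/urandom" || key == "/dev/random") {
            print name ": RANDOM_KEY (contents discarded at every boot)"
        } else if (key != "none" && key != "-") {
            print name ": STORED_KEY " key " (whoever takes the disks also gets the key)"
        } else if (opts ~ /,noauto,/) {
            print name ": MANUAL_UNLOCK (boots unattended, passphrase typed later)"
        } else {
            print name ": PROMPTS_AT_BOOT (boot waits for a passphrase on the console)"
        }
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_CRYPTTAB" | audit_crypttab
```

To check a real host, feed it the live file: `audit_crypttab < /etc/crypttab`.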
 
  

