Date: Wed, 20 Feb 2013 09:47:36 +0100 From: Damien Fleuriot <ml@my.gd> To: Paul Schenkeveld <freebsd@psconsult.nl> Cc: "hackers@freebsd.org" <hackers@freebsd.org> Subject: Re: Chicken and egg, encrypted root FS on remote server Message-ID: <BB9AA8EB-442E-4041-9CF2-92B16B8C9D2D@my.gd> In-Reply-To: <20130220074655.GA59952@psconsult.nl> References: <20130220065810.GA25027@psconsult.nl> <C69A03DB-D861-4400-96B4-2DF5925CB4FC@DataIX.net> <20130220074655.GA59952@psconsult.nl>
index | next in thread | previous in thread | raw e-mail
On 20 Feb 2013, at 08:46, Paul Schenkeveld <freebsd@psconsult.nl> wrote: > On Wed, Feb 20, 2013 at 02:42:57AM -0500, Jason Hellenthal wrote: >> Just a thought with no working example but… >> >> bootp / tftp - from a remote secured management frame to TX a key filesytem to unlock your rootfs. >> >> Could be something as simple as a remote wireless adhoc server with a 64GB thumbdrive to hold your data or just enough to tell the system where to get it. >> >> Considering a key can be any length string of a sort just to say but... Serve the rootfs key directly from a TXT out of a secured DNS zone only visible to so said machines. > > Thank you but manual entry of the passprase is a prerequisite here so > serving the key automatically is not an option. > > With kind regards, > > Paul Schenkeveld > What about getting a remote console like HP's ILO or Dell's DRAC ? You get to login remotely, you can use some degree of access control... you can even remote boot.help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BB9AA8EB-442E-4041-9CF2-92B16B8C9D2D>