Date: Wed, 20 Feb 2013 12:13:39 +0100
From: Paul Schenkeveld <freebsd@psconsult.nl>
To: Damien Fleuriot <ml@my.gd>
Cc: hackers@freebsd.org
Subject: Re: Chicken and egg, encrypted root FS on remote server
Message-ID: <20130220111339.GA65661@psconsult.nl>
In-Reply-To: <BB9AA8EB-442E-4041-9CF2-92B16B8C9D2D@my.gd>
References: <20130220065810.GA25027@psconsult.nl>
 <C69A03DB-D861-4400-96B4-2DF5925CB4FC@DataIX.net>
 <20130220074655.GA59952@psconsult.nl>
 <BB9AA8EB-442E-4041-9CF2-92B16B8C9D2D@my.gd>

On Wed, Feb 20, 2013 at 09:47:36AM +0100, Damien Fleuriot wrote:
>
> On 20 Feb 2013, at 08:46, Paul Schenkeveld <freebsd@psconsult.nl> wrote:
>
> > On Wed, Feb 20, 2013 at 02:42:57AM -0500, Jason Hellenthal wrote:
> >> Just a thought with no working example but…
> >>
> >> bootp / tftp - from a remote secured management frame to TX a key filesystem to unlock your rootfs.
> >>
> >> Could be something as simple as a remote wireless adhoc server with a 64GB thumbdrive to hold your data or just enough to tell the system where to get it.
> >>
> >> Considering a key can be any length string of a sort just to say but... Serve the rootfs key directly from a TXT out of a secured DNS zone only visible to so said machines.
> >
> > Thank you but manual entry of the passphrase is a prerequisite here so
> > serving the key automatically is not an option.
> >
> > With kind regards,
> >
> > Paul Schenkeveld
> >
>
> What about getting a remote console like HP's ILO or Dell's DRAC ?
>
> You get to login remotely, you can use some degree of access control... you can even remote boot.

For new hardware I could indeed use this, the current hardware does not
support remote console.

I don't have experience with ILO nor DRAC but I do have experience with
SuperMicro's KVM over LAN which does need a java client to run.

If I can enter the passphrase over ssh that would be better as I can use
any device including a smartphone to dial in and enter the passphrase.

Thanks!