From: brouci tykadylko
To: freebsd-geom@freebsd.org
Date: Fri, 24 Aug 2012 13:16:14 +0200 (CEST)
Subject: geli remote password entering

Thinking about encrypting everything except /boot with geli (+zfs). Since the server is remote, there is a problem with entering the key after a restart. There is the possibility of KVM at the datacenter, but I don't want to bother with it upon every reboot, not to speak of the possibility of remote interception.

My idea so far is to use a RAMdisk image with a bare ssh like DropBear (like here: http://www.webgroup.ch/linuxtag2006/Paper.pdf), but I still didn't try. A dream solution is a bootloader with an ssh interface, but I didn't hear about any for fBSD. Did any of you try something similar? Or do you have any other idea?

Thanks,
Brouci