Date: Wed, 20 Feb 2013 09:47:36 +0100
From: Damien Fleuriot <ml@my.gd>
To: Paul Schenkeveld <freebsd@psconsult.nl>
Cc: "hackers@freebsd.org" <hackers@freebsd.org>
Subject: Re: Chicken and egg, encrypted root FS on remote server
Message-ID: <BB9AA8EB-442E-4041-9CF2-92B16B8C9D2D@my.gd>
In-Reply-To: <20130220074655.GA59952@psconsult.nl>
References: <20130220065810.GA25027@psconsult.nl> <C69A03DB-D861-4400-96B4-2DF5925CB4FC@DataIX.net> <20130220074655.GA59952@psconsult.nl>

On 20 Feb 2013, at 08:46, Paul Schenkeveld <freebsd@psconsult.nl> wrote:

> On Wed, Feb 20, 2013 at 02:42:57AM -0500, Jason Hellenthal wrote:
>> Just a thought with no working example but…
>>
>> bootp / tftp - from a remote secured management frame to TX a key filesystem to unlock your rootfs.
>>
>> Could be something as simple as a remote wireless adhoc server with a 64GB thumbdrive to hold your data or just enough to tell the system where to get it.
>>
>> Considering a key can be any length string of a sort just to say but... Serve the rootfs key directly from a TXT out of a secured DNS zone only visible to so said machines.
>
> Thank you but manual entry of the passphrase is a prerequisite here so
> serving the key automatically is not an option.
>
> With kind regards,
>
> Paul Schenkeveld
>

What about getting a remote console like HP's ILO or Dell's DRAC?
You get to log in remotely, you can use some degree of access control... you can even remote boot.