From: Wojciech Puchar
Date: Fri, 19 Sep 2008 22:49:16 +0200 (CEST)
To: skx
Cc: freebsd-questions@freebsd.org
Subject: Re: Encrypted disk on a server
Message-ID: <20080919224802.B4462@wojtek.tensor.gdynia.pl>
In-Reply-To: <200809192156.56635.listy@skxpl.eu.org>

> organized the server is located in an easily accessible place (actually
> outside my apartment) and I am afraid it might be stolen. It's a cheap
> old PC, so I am mostly worried about data stored on it.
>
> What is the most convenient way of securing this data (besides moving the
> machine :)? Encrypting the whole disk? How would I provide the password?

geli is a tool for this. You may encrypt a whole disk or a partition. If you are not in place, configure your system so it will do a minimal boot with sshd available; then you ssh in, do geli attach, type the password, and run a script that fscks and mounts the encrypted partition and starts services depending on its data.
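
The procedure described in the reply above, as an added sh example that is not part of the original message: a script run over ssh after the minimal boot that attaches the geli provider, checks and mounts it, and starts the dependent services. The provider name `ada0p4`, the mount point `/data`, the service names, the `DRY_RUN` switch and the UFS filesystem are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: unlock a geli provider after a minimal boot, then bring up
# everything that depends on it. Device, mount point and service names are
# hypothetical; a UFS filesystem is assumed.

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# unlock_and_start PROVIDER MOUNTPOINT [SERVICE...]
unlock_and_start() {
    prov=$1
    mnt=$2
    shift 2
    eli="/dev/${prov}.eli"

    # Skip the attach if the decrypted device node already exists.
    if [ ! -e "$eli" ]; then
        # geli prompts for the passphrase on the ssh terminal, so it is
        # never stored on the disk that could be carried away.
        run geli attach "/dev/${prov}" || return 1
    fi

    # Preen the filesystem; do not mount if fsck cannot repair it.
    run fsck -t ufs -p "$eli" || return 2
    run mount -t ufs "$eli" "$mnt" || return 3

    # onestart works without the services being enabled in rc.conf, so
    # they stay down at boot while the data is still locked.
    for svc in "$@"; do
        run service "$svc" onestart || return 4
    done
}

# Usage: sh unlock.sh ada0p4 /data postgresql
if [ "$#" -ge 2 ]; then
    unlock_and_start "$@"
fi
```

Running it with `DRY_RUN=1` prints the commands in order without touching the disk, which is a safe way to check the sequence before relying on it remotely.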