From: Xin Li
Organization: The FreeBSD Project
Date: Sat, 25 Aug 2012 02:12:01 -0700
To: brouci tykadylko
Cc: d@delphij.net, freebsd-geom@FreeBSD.org
Subject: Re: geli remote password entering
Message-ID: <503896E1.9000203@delphij.net>
In-Reply-To: <3094.176.373-2311-1566486531-1345882861@seznam.cz>
List-Id: GEOM-specific discussions and implementations

On 8/25/12 1:21 AM, brouci tykadylko wrote:
> Useful idea, but at this stage it's quite too late for a real
> paranoiac, if you consider logfiles as sensitive data.

There are some problems with my approach, but I'm not particularly concerned with logfiles. This really depends on how you store /var. It is still possible to mount it after geli initialization, and no, there is no such thing as a 'logfile' at that point, since syslogd is not started yet.

Moreover, I'd say if you really worry about logfiles, they should not be stored locally but sent to a dedicated remote log server which has its logon interface locked down inside a VLAN, and the system should have only append access to that server and nothing else.

> Linux obviously CAN do that. It has some early_ssh, a Dropbear ssh
> daemon loaded from an initramdisk for the purpose of entering the
> password for LUKS.

Well, this *is* early_ssh -- a similar idea, but without a duplicated copy of sshd, etc., where you have two daemons and two files to worry about. Of course, the current version does not do logs, but it's possible to do it locally or remotely with very simple tweaks by starting syslogd with an alternative boot-only configuration profile.

It would be interesting to implement an initrd-like feature in FreeBSD; however, it's not totally impossible to do a similar thing "right now"-ish by using an mdroot and having it chroot into the new / with devfs and friends mounted. It's a bit of a kludge, but still do-able.

> Still didn't find any satisfactory solution for FreeBSD.
>
>> ------------ Original message ------------
>> From: Xin Li
>> Subject: Re: geli remote password entering
>> Date: 24.8.2012 20:44:56
>> ----------------------------------------
>> On 08/24/12 04:16, brouci tykadylko wrote:
>>> Thinking about encrypting everything except /boot by
>>> geli(+zfs). Since the server is remote, there is a problem with
>>> entering the key after restart. There is a possibility of
>>> KVM at the datacenter, but I don't want to bother with it upon
>>> every reboot, not to speak of the possibility of remote
>>> interception. My idea so far is to use a RAMdisk image with
>>> a bare ssh like DropBear (like here:
>>> http://www.webgroup.ch/linuxtag2006/Paper.pdf), but I still
>>> didn't try. The dream solution is a bootloader with an ssh
>>> interface, but I didn't hear about any for fBSD. Did any of
>>> you try something similar? Or do you have any other idea?
>>
>> I have posted something with a similar idea here:
>>
>> http://lists.freebsd.org/pipermail/freebsd-security/2012-August/006547.html
>>
>> But this is different -- you can't have only /boot unencrypted
>> because it requires / and /usr to be available at very early boot
>> time. Personally I'm not quite concerned with / unencrypted -- you
>> could reveal /etc/master.passwd in the worst case, but sensitive
>> data can be stored in encrypted partitions.
>>
>> Cheers,