[Feature] Stateless key #4
Replies: 1 comment
-
|
This functionality already exists with the dropbear-initramfs package (which we bootstrap as part of this project). See: https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/ Edit:
This is indirectly discussed in my security tips section:
In such a setup (assuming you are hosting your own encrypted LAN webserver) unless your burglar is power splicing your bastion webserver as they steal it (which may be a concern if it is a letter agency) this would not be a concern as the webserver would get turned off and require decryption. These issues are left to the imagination of the user / admin (and I am not going to implement anything along these lines). It is entirely upon the user/administrator to understand their needs an implement security safeguards for their situation. e.g. things that come to mind:
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I am researching a secure and easy way to unlock my home server.
This thing is cool, but if my home server gets stolen it will be pretty much the same effect if I had no encryption at all.
Would be cool to improve the project so server would await during the boot for a password to be entered on a remote machine.
It would eliminate the security risk and make it more or less easy-to-use
(I am not asking you to implement this, but maybe some day some folk come across this repo and decides that it is a good idea to implement :D )
Beta Was this translation helpful? Give feedback.
All reactions