tuber Apprentice
Joined: 12 Nov 2004 Posts: 267
Posted: Sat Jul 20, 2013 11:00 pm Post subject: Entering Password on a System with Full Disk Encryption
For those running a system with full disk encryption, how do you deal with entering the encryption password remotely? I'm thinking about cases like when there is a temporary power failure, and you can't get to the console immediately.

cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
Posted: Sun Jul 21, 2013 11:58 am Post subject:
I can't/don't
lacking physical access to a machine negates the security of crypto anyway (cryo makes plucking a key from a running system's memory much easier!)
but that's neither here nor there - if I were to have this requirement, I'd likely be forced to let the kernel set an address via dhcp, AND, have a peek at the remote_rescue_shell here:
http://resources.infosecinstitute.com/luks-and-initramfs/

eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9601 Location: almost Mile High in the USA
Posted: Mon Jul 22, 2013 11:04 pm Post subject:
I was wondering about this, and was one of the reasons why I didn't really want full disk encryption in case there was an unintended reboot. I'd probably end up keeping a skeleton root on an unencrypted disk and the rest on an encrypted volume... That way the machine will always boot enough that you can login with root or something, and start up the rest of the volumes.
But anyway it'll be a mess especially if you start daemons in initrd. Likely you'll have to kill them (actually, have the initrd kill them when you close the shell) else there will be open descriptors on the initrd when switch_root occurs. But then if it subsequently fails, then it'll be very stuck indeed requiring a reset button push.

tuber Apprentice
Joined: 12 Nov 2004 Posts: 267
Posted: Mon Jul 29, 2013 1:54 am Post subject:
The remote_rescue_shell would be cool if it used an SSH server instead of a Telnet server. One option that I was thinking of was to hook up the main server's serial console to another machine. Perhaps a VPN server on a Pogoplug or something. So if I had to remotely access a rebooted server, I would log in to the VPN server, fire up minicom, and then enter the password on the server's serial console.

luckylinux n00b
Joined: 17 Mar 2012 Posts: 48
Posted: Mon Jul 29, 2013 10:25 am Post subject:
Some KVM over IP solution (like Supermicro IPMI for instance) or maybe Dropbear SSH to enter LUKS passphrase via SSH? I use the first one - although if you can manage to set up Dropbear SSH into your initrd as it should I don't see problems with it (except security, of course).

tuber Apprentice
Joined: 12 Nov 2004 Posts: 267
Posted: Wed Aug 07, 2013 5:25 pm Post subject:
Dropbear sounds like it would work just fine. Why is it a security concern?

luckylinux n00b
Joined: 17 Mar 2012 Posts: 48
Posted: Wed Aug 07, 2013 5:32 pm Post subject:
tuber wrote: Dropbear sounds like it would work just fine. Why is it a security concern?
Well, depending on how critical your server is, I don't think remote SSHing as root is a good practice. SSHing as root is never a good practice (though I think you have to do so to unlock LUKS encrypted devices/partitions).
Someone more knowledgeable than me will probably give you a more in-depth answer.

frostschutz Advocate
Joined: 22 Feb 2005 Posts: 2977 Location: Germany
Posted: Wed Aug 28, 2013 5:11 pm Post subject: Re: Entering Password on a System with Full Disk Encryption
tuber wrote: For those running a system with full disk encryption, how do you deal with entering the encryption password remotely?
I do a magic packet exchange consisting of local and shared secrets xor'd with random data, which is not secure at all. It beats telnet (unencrypted), and it doesn't simply allow the packet to be reused, nor does it actually contain the key by itself. But it's still vulnerable (a man in the middle could probably produce the correct reply using xor himself, if he listened to a successful exchange once). I only did it because it was simple (using busybox netcat in the initramfs) and the box is in the local network so ...
The question is how secure do you need it to be, considering that all they have to do is shut down your box and modify your Initramfs to get the key? |
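
The weakness described in the post above, as an added example that is not part of the original thread and is not frostschutz's actual protocol: it assumes a simplified exchange where the reply is the random challenge XOR'd with a shared secret, and compares it with an HMAC-SHA256 challenge-response as a swapped-in alternative. All function names and values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

SECRET_LEN = 32  # bytes; assumed size for this constructed example


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def xor_response(secret: bytes, challenge: bytes) -> bytes:
    """Assumed weak scheme: reply = challenge XOR shared secret."""
    return xor_bytes(secret, challenge)


def hmac_response(secret: bytes, challenge: bytes) -> bytes:
    """Hardened scheme: reply = HMAC-SHA256(secret, challenge)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def observer_learns(challenge: bytes, response: bytes) -> bytes:
    """What a passive listener can compute from one recorded exchange."""
    return xor_bytes(challenge, response)


def demo() -> dict:
    secret = secrets.token_bytes(SECRET_LEN)      # constructed shared secret
    c1 = secrets.token_bytes(SECRET_LEN)          # first, observed challenge
    c2 = secrets.token_bytes(SECRET_LEN)          # later, fresh challenge

    # XOR scheme: one observed (challenge, reply) pair reveals the secret,
    # so a fresh challenge no longer stops a forged reply.
    leaked = observer_learns(c1, xor_response(secret, c1))
    xor_forged = hmac.compare_digest(
        xor_response(secret, c2), xor_response(leaked, c2))

    # HMAC scheme: the same computation yields nothing usable as a key,
    # and replaying the old reply fails because the challenge changed.
    h1 = hmac_response(secret, c1)
    guess = observer_learns(c1, h1)
    expected = hmac_response(secret, c2)
    hmac_forged = (hmac.compare_digest(expected, hmac_response(guess, c2))
                   or hmac.compare_digest(expected, h1))
    return {"xor_forged": xor_forged, "hmac_forged": hmac_forged}


if __name__ == "__main__":
    print(demo())
```

Neither variant changes the closing point of the post: the initramfs sits on unencrypted storage, so someone with physical access can still modify it.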