Re: LUKS and Samba-Server


 



Wolfgang Sailer wrote:
> I would like to set up a linux server with encrypted samba and NFS shares.
> The computer must boot without asking for passwords.

Then the data will not be secure. Simple possession of the machine, or 10 minutes unattended time with the machine, will compromise the data.

> Reason: I would like to use my old computer (without keyboard and screen) as
> a network-attached-storage (SAMBA and NFS) server for Windows and Linux
> computers on a home network. Users should not be "troubled" by LUKS (e.g.
> telnetting in to send a password to unlock the share).

Why bother encrypting the data at all if bypassing it would be so trivial? That "trouble" is the only thing that would make the data secure -- and it's hardly any trouble at all.

With an uninterrupted power supply (UPS) on the machine, the server would not reboot by itself, ever. Therefore, the number of times you should have to SSH in to the machine to supply a password would likely be counted on one hand over the lifetime of the server. And this way, a simple pull of the plug, or press of the reset button, or remote reboot command by SSH, would secure all of the data.

To make it easier, here are some simple mount/unmount scripts for you; edit them as appropriate:

mount.sh:

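#!/bin/bash
# Map /dev/hda4 to /dev/mapper/filearchive; the passphrase is asked for twice
cryptsetup --verify-passphrase --verbose --hash=md5 --cipher=aes --key-size=256 create filearchive /dev/hda4
# Mount the decrypted mapping (device first, then mount point)
mount /dev/mapper/filearchive /filearchive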


umount.sh:

#!/bin/bash
# Unmount the filesystem first, then remove the mapping so the key leaves kernel memory
umount -f /filearchive
cryptsetup remove filearchive


Now you have to just type ./mount.sh from whatever directory the script is in, and type the password.

Cheers,
Alex

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
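
Added example, not part of Alex's post: a safer variant of mount.sh. The `cryptsetup ... create` call above sets up a plain dm-crypt mapping with no on-disk header, so a wrong passphrase still produces a mapping and only the mount fails; this wrapper removes the mapping in that case and can be re-run safely. `RUN` is a hypothetical dry-run hook (`RUN=echo` prints the commands); the device, name and mount point are the ones from the post.

```bash
#!/bin/bash
# Added example (not from the original post).
# NAME, DEV and MNT mirror the post's scripts; RUN is a hypothetical hook:
# leave it empty to execute the commands, set RUN=echo to only print them.
NAME=${NAME:-filearchive}
DEV=${DEV:-/dev/hda4}
MNT=${MNT:-/filearchive}
RUN=${RUN:-}

unlock_and_mount() {
    # Already mounted: nothing to do, so the script is safe to re-run.
    if grep -qsF " $MNT " /proc/mounts; then
        echo "already mounted: $MNT"
        return 0
    fi

    # Create the mapping only if it does not exist yet.
    if [ ! -e "/dev/mapper/$NAME" ]; then
        $RUN cryptsetup --verify-passphrase --hash=md5 --cipher=aes \
            --key-size=256 create "$NAME" "$DEV" || return 1
    fi

    # Plain dm-crypt cannot detect a wrong passphrase: the mapping is created
    # anyway and the mount is the first step that fails. Remove the mapping
    # then, so no device decrypted with a wrong key is left behind.
    if ! $RUN mount "/dev/mapper/$NAME" "$MNT"; then
        echo "mount failed (wrong passphrase?), removing mapping $NAME" >&2
        $RUN cryptsetup remove "$NAME"
        return 1
    fi
}

# Run only when asked to, e.g.:  ./unlock.sh --run
if [ "${1:-}" = "--run" ]; then
    unlock_and_mount
fi
```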

