Remote authentication?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, 

Maybe you can help me. I'm trying to evaluate what encryption solution would be best for my company's setup.

We provide a computer that acts as a server for our customers, who have no physical interaction with the machine.
We need the data on this machine to be decrypted as it is needed by a number of services on-the-fly.
As we need to provide automatica authentication we either need to:

Keep the parts of the filesystem required to boot up and allow an OpenVPN ssh session - permanently decrypted - so that we can remotely authenticate.
or 
Provide a usb key containing the secret key to our customer and read this key when the machine boots.

Obviously the latter option involves more risk as someone intending on stealing the machine need only steal its acompanying usb key should the customer not keep it safe. Also, if the power were to go we need a way to automatically authenticate meaning the key would have to be paired with the machine at all times.

We currently have OpenVPN set up on the machine we want to encrypt so that it keeps contacting us to tell us it is online and it initiates an OpenVPN connection with us when it does go online, so half the work is done in this regard.

I was just wondering if your product would support custom authentication in this manner? and if you have any further suggestions, either on what files would have to remain decrypted for this to work, or what possible alternatives there may be.

If you need any further description of the above please let me know.


Thanks.


--
Niall
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux