SSLUG-msg00209.html

[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]

[an error occurred while processing this directive] [an error occurred while processing this directive]

	Home		Subscribe		Mail Archive		Forum		Calendar		Search
	Date:				Thread:

Re: [TEKNIK] Kryptering af /home

To: sslug@sslug
Subject: Re: [TEKNIK] Kryptering af /home
From: "Jens Tornøe" <sslug@sslug>
Date: Wed, 18 Mar 2009 13:57:56 +0100
Newsgroups: sslug.teknik
Organization: SSLUG
References: <sslug@sslug> <sslug@sslug> <sslug@sslug> <sslug@sslug> <sslug@sslug> <sslug@sslug>

"Mogens Kjaer" <sslug@sslug> wrote in message 
news:sslug@sslug
> Jens Tornøe wrote:
> ...
>> Tak for henvisningen til cryptmount, det var umiddelbart nemt at sætte 
>> op.
>> Men hvordan undgår jeg at brugeren skal indtaste password, jf. mit første
>> indlæg?
>
> Nogen skal jo indtaste et password på et-eller-andet tidspunkt,
> ellers er krypteringen ikke meget værd.

Det var så det, der viste sig at være den egentlige kerne i mit problem: 
Hvordan kan man automatisk åbne et krypteret filsystem, uden at nøglen 
ligger på samme maskine. MAO, hvis maskinen stjæles, skal man ikke kunne 
låse filsystemet op, da man ikke har nøglen.

Efter at have tænkt lidt over det, kom jeg frem til flg. løsning (som dog 
ikke er implementeret endnu): Som nøgle bruges MAC-addressen fra en ekstern 
enhed, i mit tilfælde min router. Ved boot hentes MAC-addressen med 
arp -a|grep <routerens ip>| cut -b <de relevante tegn> og bruges som nøgle. 
Det skulle kunne ske helt automatisk, hvis scriptet først kører efter eth0 
er kommet op. Hvis så maskinen bliver stjålet, mangler tyven MAC-addressen, 
og kan ikke komme ind på det krypterede filsystem (medmindre han altså også 
stjæler routeren... ;)

/Jens

Follow-Ups:
- Re: [TEKNIK] Kryptering af /home
  - From: E. Sjørlund

References:
- Kryptering af /home
  - From: Jens Tornøe
- Re: [TEKNIK] Kryptering af /home
  - From: Niels Elgaard Larsen
- Re: [TEKNIK] Kryptering af /home
  - From: Jens Tornøe
- Re: [TEKNIK] Kryptering af /home
  - From: Mogens Kjaer

Prev by Date: Re: [TEKNIK] hvad hedder sådan et stik?
Next by Date: Re: [TEKNIK] Kryptering af /home, E. Sjørlund
Previous by Thread: SV: Re: [TEKNIK] Kryptering af /home
Next by Thread: Re: [TEKNIK] Kryptering af /home
Index(es)
- Date Index
- Thread Index

Home

Subscribe

Mail Archive

Index

Calendar

Search

Questions about the web-pages to <www_admin>.

Last modified 2009-04-01, 02:01 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *