FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 08-01-2008, 03:11 PM
Bob Smith
 
Default encrypted /tmp? encrypted home dir but remotely rebootable?

I've worked out how to set up encrypted swap and /home/bob on my
laptop, but is it possible to set up encrypted /tmp too? If so,
how big does the /tmp partition need to be?

Also, I want to make my home computer remotely rebootable but
with some encrypted stuff: swap, /tmp (if possible), and
/home/bob. Has anyone set a computer up so that it can rebooted
without having someone sitting at the keyboard to type in the
passphrase, but so you can ssh to it later and mount your own
home directory? Or maybe I need to have two userids for this,
bob1 who has access to sudo cryptsetup to mount /home/bob, then
log out and back in again as bob?

Thanks for any tips.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 08-02-2008, 02:57 PM
Bob Smith
 
Default encrypted /tmp? encrypted home dir but remotely rebootable?

I've worked out how to set up encrypted swap and /home/bob on my
laptop, but is it possible to set up encrypted /tmp too? If so,
how big does the /tmp partition need to be?

Also, I want to make my home computer remotely rebootable but
with some encrypted stuff: swap, /tmp (if possible), and
/home/bob. Has anyone set a computer up so that it can rebooted
without having someone sitting at the keyboard to type in the
passphrase, but so you can ssh to it later and mount your own
home directory? Or maybe I need to have two userids for this,
bob1 who has access to sudo cryptsetup to mount /home/bob, then
log out and back in again as bob?

Thanks for any tips.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 08-03-2008, 11:13 AM
Karl Larsen
 
Default encrypted /tmp? encrypted home dir but remotely rebootable?

Bob Smith wrote:
> I've worked out how to set up encrypted swap and /home/bob on my
> laptop, but is it possible to set up encrypted /tmp too? If so,
> how big does the /tmp partition need to be?
>
> Also, I want to make my home computer remotely rebootable but
> with some encrypted stuff: swap, /tmp (if possible), and
> /home/bob. Has anyone set a computer up so that it can rebooted
> without having someone sitting at the keyboard to type in the
> passphrase, but so you can ssh to it later and mount your own
> home directory? Or maybe I need to have two userids for this,
> bob1 who has access to sudo cryptsetup to mount /home/bob, then
> log out and back in again as bob?
>
> Thanks for any tips.
>
>
Bob you have already gone way to far with with your encrypted home
directory. Take all that stuff off and use your password. I have used
ssh for years and never had a problem.

To get on your computer a person needs to know the IP of your
system, your home name and password.

Not sure how you turn on your computer from the remote location but
new computers seem to be made to do that.

Karl


--

Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
PGP 4208 4D6E 595F 22B9 FF1C ECB6 4A3C 2C54 FE23 53A7


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 08-03-2008, 12:27 PM
"Brian McKee"
 
Default encrypted /tmp? encrypted home dir but remotely rebootable?

On Sun, Aug 3, 2008 at 7:13 AM, Karl Larsen <k5di@zianet.com> wrote:
> Bob Smith wrote:
>> I've worked out how to set up encrypted swap and /home/bob on my
>> laptop, but is it possible to set up encrypted /tmp too? If so,
>> how big does the /tmp partition need to be?
>>
>> Also, I want to make my home computer remotely rebootable but
>> with some encrypted stuff: swap, /tmp (if possible), and
>> /home/bob. Has anyone set a computer up so that it can rebooted
>> without having someone sitting at the keyboard to type in the
>> passphrase, but so you can ssh to it later and mount your own
>> home directory? Or maybe I need to have two userids for this,
>> bob1 who has access to sudo cryptsetup to mount /home/bob, then
>> log out and back in again as bob?
>>
>> Thanks for any tips.
>>
>>
> Bob you have already gone way to far with with your encrypted home
> directory. Take all that stuff off and use your password. I have used
> ssh for years and never had a problem.

Karl, the point of encryption is it's the only way to prevent your
data from being accessed when they have physical possession of your
hard drive.

Bob - I'm curious - how did you encrypt swap and still use hibernate?
I was under the impression that was still not doable...

I like to have a gig of space in /tmp, but that's because I use
programs that use /tmp as a staging area to create iso's in. I think
some video transcoding stuff may default to using it as well. Of
course, if it's encrypted and you have unencrypted space you'd
probably be better doing that work there - at least a bit faster
without the encryption - unless the transcoding work is something you
specifically wanted encrypted I guess. A quick google showed me a
fair range of opinion on the subject :-)

The double log-in thing makes sense to me - that way you have the
benefit of the fact that cracking your box when you aren't using it
gives them nothing but your empty bob1 account. Sounds good anyway -
I've not done something like that.

Why not just encrypt everything (whole drive?)

Brian

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 08-04-2008, 12:21 AM
Bob Smith
 
Default encrypted /tmp? encrypted home dir but remotely rebootable?

> Bob you have already gone way to far with with your encrypted home
> directory. Take all that stuff off and use your password. I have used
> ssh for years and never had a problem.
>
> To get on your computer a person needs to know the IP of your
> system, your home name and password.
>
> Not sure how you turn on your computer from the remote location but
> new computers seem to be made to do that.

What if someone steals your computer and sticks the hard drive in
another machine (with your financial records, personal e-mail, and so
on)?

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 08-04-2008, 11:46 AM
Anonymous Sender
 
Default encrypted /tmp? encrypted home dir but remotely rebootable?

> Bob you have already gone way to far with with your encrypted home
> directory. Take all that stuff off and use your password. I have used
> ssh for years and never had a problem.
>
> To get on your computer a person needs to know the IP of your
> system, your home name and password.
>
> Not sure how you turn on your computer from the remote location but
> new computers seem to be made to do that.

What if someone steals your computer and sticks the hard drive in
another machine (with your financial records, personal e-mail, and so
on)?

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 08-06-2008, 05:00 PM
Bob Smith
 
Default encrypted /tmp? encrypted home dir but remotely rebootable?

> >> I've worked out how to set up encrypted swap and /home/bob on my
> >> laptop, but is it possible to set up encrypted /tmp too? If so,
> >> how big does the /tmp partition need to be?

> Bob - I'm curious - how did you encrypt swap and still use hibernate?
> I was under the impression that was still not doable...

I don't use hibernate! (Because I heard it wouldn't work!)

> Why not just encrypt everything (whole drive?)

Last time there was a power cut I was away from home and needed to log
in to my home computer. I phoned my housemate to push the "on"
button. I'd like to be able to get him to do that, and then be able to
mount my encrypted home directory remotely, so I don't have to give
him the LUKS passphrase.

If you do whole-drive encryption, or put things in /etc/fstab that are
supposed to mount at boot time and depend on things in /etc/crypttab
(other than swap), he would have to enter the passphrase before it got
as far as starting the sshd.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 08-06-2008, 11:42 PM
Derek Broughton
 
Default encrypted /tmp? encrypted home dir but remotely rebootable?

Bob Smith wrote:

>> >> I've worked out how to set up encrypted swap and /home/bob on my
>> >> laptop, but is it possible to set up encrypted /tmp too? If so,
>> >> how big does the /tmp partition need to be?
>
>> Bob - I'm curious - how did you encrypt swap and still use hibernate?
>> I was under the impression that was still not doable...
>
> I don't use hibernate! (Because I heard it wouldn't work!

I shouldn't think...
>
>> Why not just encrypt everything (whole drive?)
>
> Last time there was a power cut I was away from home and needed to log
> in to my home computer. I phoned my housemate to push the "on"
> button. I'd like to be able to get him to do that, and then be able to
> mount my encrypted home directory remotely, so I don't have to give
> him the LUKS passphrase.
>
> If you do whole-drive encryption, or put things in /etc/fstab that are
> supposed to mount at boot time and depend on things in /etc/crypttab
> (other than swap), he would have to enter the passphrase before it got
> as far as starting the sshd.

Yes. And there's absolutely no reason that most of /, /bin, /sbin and /usr
should be encrypted anyway. /etc _mostly_ doesn't need it, but it does
tend to have the files with passwords.
--
derek


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 10:39 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org