[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [TEKNIK] Kryptering af /home



"Mogens Kjaer" <sslug@sslug> wrote in message 
news:sslug@sslug
> Jens Tornøe wrote:
> ...
>> Tak for henvisningen til cryptmount, det var umiddelbart nemt at sætte 
>> op.
>> Men hvordan undgår jeg at brugeren skal indtaste password, jf. mit første
>> indlæg?
>
> Nogen skal jo indtaste et password på et-eller-andet tidspunkt,
> ellers er krypteringen ikke meget værd.

Det var så det, der viste sig at være den egentlige kerne i mit problem: 
Hvordan kan man automatisk åbne et krypteret filsystem, uden at nøglen 
ligger på samme maskine. MAO, hvis maskinen stjæles, skal man ikke kunne 
låse filsystemet op, da man ikke har nøglen.

Efter at have tænkt lidt over det, kom jeg frem til flg. løsning (som dog 
ikke er implementeret endnu): Som nøgle bruges MAC-addressen fra en ekstern 
enhed, i mit tilfælde min router. Ved boot hentes MAC-addressen med 
arp -a|grep <routerens ip>| cut -b <de relevante tegn> og bruges som nøgle. 
Det skulle kunne ske helt automatisk, hvis scriptet først kører efter eth0 
er kommet op. Hvis så maskinen bliver stjålet, mangler tyven MAC-addressen, 
og kan ikke komme ind på det krypterede filsystem (medmindre han altså også 
stjæler routeren... ;)

/Jens 




 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2009-04-01, 02:01 CEST [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *