I keep a /crypt noauto partition that I mount manually by passphrase via ssh after the server is booted.
And don't keep 'sensitive' info in other partitions...
On Mon, May 27, 2024 at 11:57 AM <04-psyche.totter@icloud.com> wrote:
Thanks all for your thoughts.Regarding the remote serial console access, unfortunately, it is not possible in my case.I do not have IPMI or something similar :(On Mon, 27 May 2024 at 08:17, Manuel Giraud <manuel_at_ledu-giraud_fr_rmp93abv53d47h_m6783488@icloud.com> wrote:Stefan Kreutz <mail@skreutz.com> writes:
> Can you access the machine's serial console, maybe redirected over IP?
I concur that a remote serial console access (maybe via a web interface
serviced by your provider) is your best option here.
I used to do (almost) FDE without console access but here is list of
drawbacks/requirements:
- It is not really FDE because / was not encrypted
- It required patching /etc/rc with the patch at the end of this
message
- The "/root/sshd" from this patch is a self-contained sshd
without the need of any external library. It is *not* a copy
of /usr/sbin/sshd and you have to compile it yourself (and I
don't remenber how)
Best regards,
--
Manuel Giraud
No comments:
Post a Comment