Using the format specified in the file Documentation/nfsroot.txt of the Linux kernel documentation. To do this edit the file /etc/default/grub and define the line: The trick involves embedding a small ssh server ( dropbear) in the initramfs that allows you to enter the password remotely for the root partition at boot time.įor those who are lucky enough to use Debian, the procedure is so simple and easy as ::ġ) Install your server with the root partition encrypted.Īpt-get install openssh-server dropbear busyboxģ) Copy the SSH key that has been generated automaticallyĤ) If your server gets the IP address automatically (DHCP) ignore this step, otherwise you have to specify the IP configuration at the Kernel boot line. Thanks to this nifty trick, you can enter the password remotely during the boot process. The problem is that if you encrypt the whole hard disk (the root partition) you will need some kind of KVM to type the password remotely every time the server is restarted … sure? No! If you are thinking on sending a new server to a remote datacenter for colocation or you have rented one or more servers in the cloud, probably you have thought that you would like to encrypt your server’s hard disk.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |