
During the clean installation of CentOS 6.3, I chose to encrypt the primary partition / (the whole drive) (obviously except /boot).

My point is to have a fully encrypted drive (8 drives in RAID10) but at the same time be able to reboot via SSH and not be prompted to enter a password, as it's a remote server (located in a data center).

My question is, how do I achieve it? How do I keep my drives encrypted and at the same time have the ability to reboot my server remotely without entering a password on boot?

Ilia Ross
  • Can you get remote console access to the server via a method you trust? You could then remotely reboot the server, and then enter the passphrase to unlock the boot. – becomingwisest Jan 12 '13 at 21:31
  • You mean something like iLO, RMM3, DRAC? Well.. Don't know about that as I don't think it's pretty secure either! Don't know what would be other options though! – Ilia Ross Jan 12 '13 at 21:53

1 Answer

How do I keep my drives encrypted and at the same time have the ability to reboot my server remotely without entering password on boot?

You don't. As you have realised, if you store the password/decryption key with the server, it's accessible should you be rooted or otherwise compromised. If you don't, reboots are non-trivial.

Why do you want to encrypt the whole of / anyway? What good does encrypting the OS itself do? (I mean, even if you manage this, it'll affect your boot time since it has to decrypt before using it.)

That is, why not just encrypt /home, as most distributions offer? Then when you log in, /home is decrypted and mounted.

Jay
  • Actually, that's what I would encrypt eventually: `/home` and `/tmp`. I'm just testing it so far on the local machine. So, you're saying that if I only encrypt home, then it will not ask me for a password on boot? Where will the passwords be stored to decrypt `/home` then, and how? – Ilia Ross Jan 12 '13 at 20:44
  • I've just tested. It still requires a password for `/home` on boot. Is there a way to encrypt the password and store it somewhere and then insert it on BOOT? – Ilia Ross Jan 12 '13 at 21:01
  • I think http://wiki.centos.org/HowTos/EncryptedFilesystem will answer most of your questions here. `Is there a way to encrypt the password and store it some where and then insert it on BOOT?` - this will entirely defeat the purpose of encrypting `/home`. The main reason for encrypting is that if someone breaks into your server room and steals your server, they cannot get access to your data. Since the drive is mounted for read/write during normal server operations, hackers will *always* be able to access the unencrypted data (and, if you set it up like this, the keys needed to decrypt it). – Jay Jan 12 '13 at 21:09
  • I understand it! I just wanted to make it less available. If the keys are stored encrypted somewhere on the drive, it will not be that easy and that fast. All I want is to prevent the possible idea of data-center sysops accessing my data just by removing drives. If it takes more than 10 minutes for this possible operation, then I could say that I have succeeded in pursuing my idea. If my decryption keys are stored somewhere and encrypted with SHA-2, for example, do you think it will be possible to find and decrypt the keys in less than 10 minutes? – Ilia Ross Jan 12 '13 at 21:16
  • Yes. All we have to do is follow the boot sequence. I take your boot drive, poke your `/etc/crypttab` to see where the passwords are. Then I open that file, and hey presto, I can decrypt your drives. SHA-2 is an irreversible hash. If you store the keys under SHA-2, then your own server won't be able to decrypt them and mount your `/home`! What you are really doing here is [security through obscurity](http://en.wikipedia.org/wiki/Security_through_obscurity), which is no security at all. – Jay Jan 12 '13 at 21:34
  • :)) Yeah. So there is no solution but making a proper `service-level agreement (SLA)` with the NOC? Is there a way to check that your drives are always inserted (not unplugged) and, once they are, to alert the server owner somehow? If we're talking about RAID10 there is always a mirroring drive. – Ilia Ross Jan 12 '13 at 21:45
  • I'm going to cut to the chase and just say no. If your NOC has physical access to the server, they will always be able to pwn you, no matter how hard you try to prevent it. If they want to mess with you, they can supply you with tampered hardware. So, you need to trust your NOC or just move elsewhere. – Jay Jan 13 '13 at 00:11
  • I'm using my own server! OK, just theoretically, imagine if you could encode and then chunk your drive's password, then store each different piece of it somewhere on the drive, and then on system load some program would assemble it with a certain algorithm and push it during system boot! That would take more than a few minutes to perform, right?! Is there no software like this that you would be familiar with? – Ilia Ross Jan 13 '13 at 14:56
  • Yes, that would take more than a few minutes, but how is that relevant? If they want your data, they just have to say you have a "powercut" or something so they can hack at it (or clone it) for an extended period of time. – Jay Jan 13 '13 at 15:49
  • They can't say "we had a powercut" as it's a data center with more than 1000 servers and 99.998% uptime, with 2 uninterruptible power generators. I just want to make it more complicated theoretically. Practically I don't worry. I trust them and don't bother that much about my information though! I just can't believe that there is no straightforward solution for such a trivial matter! – Ilia Ross Jan 13 '13 at 20:04
  • This is my last contribution to this discussion. Powercut was an example; they could say your PSU has failed and needs a chassis swap, or say the network card failed and requires reinstallation. In most of these cases, NOCs have a 4 hour SLA. More than enough time to clone your drives! The fact is, you are at their mercy. I think it's time you accepted that. – Jay Jan 13 '13 at 20:14