encrypted /tmp? encrypted home dir but remotely rebootable?
Derek Broughton
news at pointerstop.ca
Wed Aug 6 23:42:19 UTC 2008
Bob Smith wrote:
>> >> I've worked out how to set up encrypted swap and /home/bob on my
>> >> laptop, but is it possible to set up encrypted /tmp too? If so,
>> >> how big does the /tmp partition need to be?
>
>> Bob - I'm curious - how did you encrypt swap and still use hibernate?
>> I was under the impression that was still not doable...
>
> I don't use hibernate! (Because I heard it wouldn't work!
I shouldn't think...
>
>> Why not just encrypt everything (whole drive?)
>
> Last time there was a power cut I was away from home and needed to log
> in to my home computer. I phoned my housemate to push the "on"
> button. I'd like to be able to get him to do that, and then be able to
> mount my encrypted home directory remotely, so I don't have to give
> him the LUKS passphrase.
>
> If you do whole-drive encryption, or put things in /etc/fstab that are
> supposed to mount at boot time and depend on things in /etc/crypttab
> (other than swap), he would have to enter the passphrase before it got
> as far as starting the sshd.
Yes. And there's absolutely no reason that most of /, /bin, /sbin and /usr
should be encrypted anyway. /etc _mostly_ doesn't need it, but it does
tend to have the files with passwords.
--
derek
More information about the ubuntu-users
mailing list