[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ssh clarification needed



On 01/04/2009 09:03 AM, Anne Wilson wrote:

> Hmm - Is there no reasonably safe way of doing this?  There seems to be some 
> risk with everything.   I've not lost a usb stick yet, but one can never 
> guarantee that one won't.

  The general recomendation for any laptop (with anything sufficiently
private) is to encrypt the disk. My preference is to (luks) encrypt
/home and swap and then bind mount /tmp and /var/tmp out of /home/tmp
/home/var/tmp. You could encrypt root as well and then skip the bind
mounts.

  Many (if not most) businesses these days require laptops all be
encrypted - certainly mine does. (See some posts by mike.cloaked on
encryption in F10)

  Avoid any fuse type encryptions - nice toys to test things but they
are very slow. Using encryption (encfs is the default in Luks) does not
impact my daily activities at all speed wise, tho' backup/restores may
be a little slower. Witrh encrypted swap you likely cannot hibernate tho
suspend may be an option - I usually just shutdown and reboot.

  In addition, as Tom mentioned, you likely use a passphrase to protect
your ssh private key (and like most of us probably use ssh-agent so you
dont need to keep typing it).

 gene/



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]