ssh clarification needed

Mike Cloaked mike.cloaked at gmail.com
Sun Jan 4 16:14:56 UTC 2009



Anne Wilson-4 wrote:
> 
> 
>>   The general recommendation for any laptop (with anything sufficiently
>> private) is to encrypt the disk. My preference is to (luks) encrypt
>> /home and swap 
> 
> I have luks encryption on /home on the netbook - which is what I'm really 
> thinking about.  
> 

It depends on how paranoid you are about security. However if the laptop is
stolen and someone with knowledge has physical access to your machine and
can remove the HD then it is possible to glean quite a lot of information
about your system from the swap partition if that was not encrypted, and
indeed from parts of the root partition - it is not the root user area but
some useful information is held in /var for instance. If you really want to
be safe then in install selecting the encrypt option for all your partitions
except /boot is the way to go, and in F10 if you use the same passphrase for
all the partitions then on bootup you will only need to enter the passphrase
once to get the machine started.  In this case your ssh keys will only be
accessible to someone who can a) boot the machine using the luks passphrase
for accessing the machine at all, and b) even if they did they would need to
have root access to get at the .ssh area in your user area.

If someone could boot the machine into single user mode then they could get
in but only if they have the luks passphrase. So doing a fully encrypted
install is pretty safe in the event the laptop got into the wrong hands. I
am not even sure any of the tools currently available would be able to
compromise a machine installed that way but no doubt other security experts
will comment on that.



>> and then bind mount /tmp and /var/tmp out of /home/tmp
>> /home/var/tmp. 
> 
> I don't understand that bit, I'm afraid.
> 
Basically the files within /tmp are referenced to /home/tmp instead - so
there is nothing in the root partition in /tmp and only if the machine is
booted with the encrypted partition /home available then using /tmp in fact
uses /home/tmp and is therefore unavailable  cleartext/unencrypted even if
the disk was removed from the computer and examined. Similarly for /var/tmp. 
So setting up the bind mount(s) means that no valuable data resides in the
unencrypted / partition. Hence not necessary if / is encrypted also.  In
addition of course the files take up space in /home and not in / but that
may not be an important factor for you.

By the way doing backups or file transfers is as the previous poster
mentioned hardly affected in speed if you have the disk encrypted with
dmcrypt-luks - it is very efficient and certainly the way to go if you want
to encrypt at all, in my view anyway.



> 
> Again, I assumed that it was not possible for an intruder to get as far as 
> swap.  If I'm wrong, how can that be encrypted after an install?
> 

You can set up encryption after the event but it is a lot easier to let the
install do it! Any unencrypted partition can be accessed using disk
forensics by anyone having physical access to the machine - just remove the
drive and make a disc copy and then run one of the various forensics tools
available to pull files from the disc copy - it is done regularly by
security and police to retrieve files from computers owned by criminals,
even if files have been "deleted" - 

-- 
View this message in context: http://www.nabble.com/ssh-clarification-needed-tp21274919p21277976.html
Sent from the Fedora List mailing list archive at Nabble.com.
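
An added example, not part of the original message: a small audit that reads fstab and crypttab text and reports which of the locations discussed above (/home, /tmp, /var/tmp, /var, swap) would be readable in cleartext from a removed disk. The sample files, UUIDs and the mapping name luks-home are constructed, and the check assumes filesystems sit directly on crypttab mappings (it does not see LVM volumes layered on top of LUKS).

```python
# Constructed sample files (assumptions, not from the post): only /home is LUKS.
CRYPTTAB = "luks-home UUID=1111-aaaa none\n"
FSTAB = """\
UUID=2222-bbbb        /      ext3  defaults  1 1
UUID=3333-cccc        /boot  ext3  defaults  1 2
/dev/mapper/luks-home /home  ext3  defaults  1 2
/home/tmp             /tmp   none  bind      0 0
UUID=4444-dddd        swap   swap  defaults  0 0
"""

def parse_table(text):
    """Split fstab/crypttab text into field lists, dropping comments and blanks."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]

def on_luks(device, crypt_names):
    """True only for /dev/mapper/<name> where <name> is defined in crypttab."""
    prefix = "/dev/mapper/"
    return device.startswith(prefix) and device[len(prefix):] in crypt_names

def backing_row(path, fstab):
    """Return the fstab row whose mount point is the longest prefix of path."""
    hits = [r for r in fstab
            if r[1] == "/" or path == r[1] or path.startswith(r[1] + "/")]
    return max(hits, key=lambda r: len(r[1]), default=None)

def path_encrypted(path, fstab, crypt_names, depth=0):
    """Follow bind mounts back to the device that really stores path."""
    row = backing_row(path, fstab)
    if row is None or depth > 8:  # depth guard stops bind-mount loops
        return False
    device, mount, options = row[0], row[1], row[3].split(",")
    if "bind" in options:
        # /tmp bound from /home/tmp: the data lives wherever /home/tmp lives.
        return path_encrypted(device + path[len(mount):], fstab, crypt_names, depth + 1)
    return on_luks(device, crypt_names)

def audit(fstab_text, crypttab_text, paths=("/home", "/tmp", "/var/tmp", "/var")):
    """Map each path (and swap) to True if it is stored on a crypttab mapping."""
    fstab = [r for r in parse_table(fstab_text) if len(r) >= 4]
    names = {r[0] for r in parse_table(crypttab_text)}
    report = {p: path_encrypted(p, fstab, names) for p in paths}
    report["swap"] = all(on_luks(r[0], names) for r in fstab if r[2] == "swap")
    return report

if __name__ == "__main__":
    for target, ok in audit(FSTAB, CRYPTTAB).items():
        print(f"{target:9} {'encrypted' if ok else 'CLEARTEXT on disk'}")
```

With the sample files, /tmp is covered through its bind mount onto /home, while /var/tmp, /var and swap still land on unencrypted devices.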



