[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ssh clarification needed



Mail Lists wrote:
On 01/04/2009 09:03 AM, Anne Wilson wrote:

Hmm - Is there no reasonably safe way of doing this? There seems to be some risk with everything. I've not lost a usb stick yet, but one can never guarantee that one won't.

  The general recomendation for any laptop (with anything sufficiently
private) is to encrypt the disk. My preference is to (luks) encrypt
/home and swap and then bind mount /tmp and /var/tmp out of /home/tmp
/home/var/tmp. You could encrypt root as well and then skip the bind
mounts.

My experience with bind mounts is that they tend to make SElinux complain a lot. I have one system which mounts my personal home directory out of /mnt/other/home/username by bind mounting it to /home/username. SElinux has a litany of complaints, to the point that I spent hours telling it to ignore things. On FC9, if it matters.

--
Bill Davidsen <davidsen tmr com>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]