[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Encrypting FS by a normal user? to protect from root?
- Subject: [ale] Encrypting FS by a normal user? to protect from root?
- From: Jeremy.Bouse at UnderGrid.net (Jeremy T. Bouse)
- Date: Fri, 16 Mar 2007 16:41:44 -0400
- In-reply-to: <[email protected]>
- References: <[email protected]>
Have you thought about using LUKS to create an encrypted file that
could be mounted through loopback? You could generate it locally as root
and then copy it off-site. Even if they were root off-site they still
would not be able to get to the data held within unless they had the
proper key to decrypt the FS.
I use this for my USB key fob that holds my GPG and SSH keys. I have 2
identical drives both with separate decryption keys, one holds my GPG
primary keys and is stored in my safe the other holds my GPG sub-keys
and SSH identity keys that I keep with me. I particularly like that LUKS
allows for multiple decryption keys so when I'm accessing the drive I'm
not always using the same key to access it.
Regards,
Jeremy
Greg Freemyer wrote:
> All,
>
> I want to start sending data offsite as a backup (3rd copy for DR,
> already have live and onsite nightly copy).
>
> I'm considering the Dreamhost because they seem by far cheapest I've
> seen. The trouble is I would have SSH access, but not root access.
>
> I would really like to create an encrypted FS that I could access but
> that root would not be able to access. I'm hoping that their is a
> FUSE FS that might allow this.
>
> The next issue is keeping root from doing a su and becoming me to access the FS.
>
> Anyone know any solutions?
>
> Greg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature