Re: Unusual LUKS setup

2017-08-16 Thread Zenaan Harkness
On Wed, Aug 16, 2017 at 09:48:23AM +0200, Bastien Durel wrote: > Le lundi 14 août 2017 à 17:35 +0200, Nicolas George a écrit : > > Le septidi 27 thermidor, an CCXXV, Bastien Durel a écrit : > > > You don't. pam_mount will ask you for your password (after ssh > > > authentication) if you didn't

Re: Unusual LUKS setup

2017-08-16 Thread Zenaan Harkness
On Wed, Aug 16, 2017 at 09:33:40AM +0200, to...@tuxteam.de wrote: > On Wed, Aug 16, 2017 at 12:48:58PM +1000, Zenaan Harkness wrote: > > On Tue, Aug 15, 2017 at 09:00:05PM +0200, to...@tuxteam.de wrote: > > > On Wed, Aug 16, 2017 at 01:28:13AM +1000, Zenaan Harkness wrote: > > > > On Tue, Aug 15,

Re: Unusual LUKS setup

2017-08-16 Thread Bastien Durel
Le lundi 14 août 2017 à 17:35 +0200, Nicolas George a écrit : > Le septidi 27 thermidor, an CCXXV, Bastien Durel a écrit : > > You don't. pam_mount will ask you for your password (after ssh > > authentication) if you didn't provided one > > Thanks for the clarification. If you are right, then you

Re: Unusual LUKS setup

2017-08-16 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Aug 16, 2017 at 12:48:58PM +1000, Zenaan Harkness wrote: > On Tue, Aug 15, 2017 at 09:00:05PM +0200, to...@tuxteam.de wrote: > > On Wed, Aug 16, 2017 at 01:28:13AM +1000, Zenaan Harkness wrote: > > > On Tue, Aug 15, 2017 at 12:13:21PM +,

Re: Unusual LUKS setup

2017-08-15 Thread Zenaan Harkness
On Tue, Aug 15, 2017 at 09:00:05PM +0200, to...@tuxteam.de wrote: > On Wed, Aug 16, 2017 at 01:28:13AM +1000, Zenaan Harkness wrote: > > On Tue, Aug 15, 2017 at 12:13:21PM +, Curt wrote: > > [...] > > > > Christ! What happened to Little Goody Two-Shoes? > > > > This is a family friendly

Re: Unusual LUKS setup

2017-08-15 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Aug 15, 2017 at 08:35:56PM +0100, Brian wrote: > On Tue 15 Aug 2017 at 20:57:44 +0200, to...@tuxteam.de wrote: > > > On Tue, Aug 15, 2017 at 12:13:21PM +, Curt wrote: > > > On 2017-08-14, to...@tuxteam.de wrote: > > > >

Re: Unusual LUKS setup

2017-08-15 Thread Brian
On Tue 15 Aug 2017 at 20:57:44 +0200, to...@tuxteam.de wrote: > On Tue, Aug 15, 2017 at 12:13:21PM +, Curt wrote: > > On 2017-08-14, to...@tuxteam.de wrote: > > > > > > > > > And you are either prey to a God complex (knowing better what's right > > > for others) or a helper

Re: Unusual LUKS setup

2017-08-15 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Aug 16, 2017 at 01:28:13AM +1000, Zenaan Harkness wrote: > On Tue, Aug 15, 2017 at 12:13:21PM +, Curt wrote: [...] > > Christ! What happened to Little Goody Two-Shoes? > > This is a family friendly list, You sure? >

Re: Unusual LUKS setup

2017-08-15 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, Aug 15, 2017 at 12:13:21PM +, Curt wrote: > On 2017-08-14, to...@tuxteam.de wrote: > > > > > > And you are either prey to a God complex (knowing better what's right > > for others) or a helper syndrome. Or both. > > > >

Re: Unusual LUKS setup

2017-08-15 Thread Zenaan Harkness
On Tue, Aug 15, 2017 at 12:13:21PM +, Curt wrote: > On 2017-08-14, to...@tuxteam.de wrote: > > > > > > And you are either prey to a God complex (knowing better what's right > > for others) or a helper syndrome. Or both. > > > > Christ! What happened to Little Goody

Re: Unusual LUKS setup

2017-08-15 Thread Curt
On 2017-08-14, to...@tuxteam.de wrote: > > > And you are either prey to a God complex (knowing better what's right > for others) or a helper syndrome. Or both. > Christ! What happened to Little Goody Two-Shoes? -- "If you want to build a ship, don’t herd people together to

Re: Unusual LUKS setup

2017-08-14 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Aug 14, 2017 at 05:43:04PM +0200, Nicolas George wrote: > Le septidi 27 thermidor, an CCXXV, to...@tuxteam.de a écrit : > > I see. Still, you could perhaps use your trick to "collect" the > > passphrase early. > > Even if I could find a

Re: Unusual LUKS setup

2017-08-14 Thread Nicolas George
Le septidi 27 thermidor, an CCXXV, to...@tuxteam.de a écrit : > I see. Still, you could perhaps use your trick to "collect" the > passphrase early. Even if I could find a convenient way to enter the pass phrase as early as the bootloader, it cannot happen before the end of the POST, and the POST

Re: Unusual LUKS setup

2017-08-14 Thread Nicolas George
Le septidi 27 thermidor, an CCXXV, Bastien Durel a écrit : > You don't. pam_mount will ask you for your password (after ssh > authentication) if you didn't provided one Thanks for the clarification. If you are right, then you probably should file a bug report for outdated documentation. But

Re: Unusual LUKS setup

2017-08-14 Thread Bastien Durel
Le lundi 14 août 2017 à 16:17 +0200, Nicolas George a écrit : > - If you use SSH, you have to adjust /etc/ssh/sshd_config like this: > > UsePAM yes > UsePrivilegeSeparation no > ChallengeResponseAuthentication no > PasswordAuthentication yes You don't. pam_mount will ask you for your

Re: Unusual LUKS setup

2017-08-14 Thread Nicolas George
Le septidi 27 thermidor, an CCXXV, to...@tuxteam.de a écrit : > I tend to the other extreme: everything (save /boot) is encrypted, > as one big (physical, in the LVM sense) volume. Partitions whithin > it are logical (LVM) volumes. Yes, that's more or less the standard > Debian way. > > Among

Re: Unusual LUKS setup

2017-08-14 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Aug 14, 2017 at 04:26:09PM +0200, Nicolas George wrote: > Le septidi 27 thermidor, an CCXXV, to...@tuxteam.de a écrit : > > I tend to the other extreme [...] > No, it is not the earliest point [...] I see. Still, you could perhaps use your

Re: Unusual LUKS setup

2017-08-14 Thread Nicolas George
Le septidi 27 thermidor, an CCXXV, Darac Marjal a écrit : > It sounds to me, then, that you'd like the system to be unencrypted, but > your home to be encrypted. Indeed, that is exactly what I have now. >You want to look into PAM, which I'm sure can do > this. With

Re: Unusual LUKS setup

2017-08-14 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Aug 14, 2017 at 11:27:00AM +0200, Nicolas George wrote: > Hi. > > I have been using LUKS to encrypt part of my system, with a rather > unusual setup, and I would like to ask for advice on making it more > standard without sacrificing my

Re: Unusual LUKS setup

2017-08-14 Thread Darac Marjal
On Mon, Aug 14, 2017 at 11:27:00AM +0200, Nicolas George wrote: Hi. I have been using LUKS to encrypt part of my system, with a rather unusual setup, and I would like to ask for advice on making it more standard without sacrificing my requirements. My requirements are: - Protect me from

Unusual LUKS setup

2017-08-14 Thread Nicolas George
Hi. I have been using LUKS to encrypt part of my system, with a rather unusual setup, and I would like to ask for advice on making it more standard without sacrificing my requirements. My requirements are: - Protect me from casual invasions of my privacy in case the computer were stolen. -