On Mon, Jan 24, 2011 at 12:06, Andrew McGlashan < [email protected]> wrote:
> Jonas Andradas wrote:
>
>> In particular, both "mandos" and "mandos-client" have Debian packages
>> available.
>>
>> [1] http://www.fukt.bsnet.se/mandos
>>
>
> That sounds interesting, but why not run the Mandos server ONLY when you
> are restarting machines? The Mandos server could be a tiny VM or even a
> boot from a USB thumb drive -- the USB could be locked away in a safe until
> required. A copy of the USB could be stored in a bank vault. The only time
> that the USB is needed is when you must restart a server or re-mount a file
> system protected by this scheme. No need to continually run a Mandos server
> anywhere.
>
> --
> Kind Regards
> AndrewM
>
> Andrew McGlashan
> Broadband Solutions now including VoIP
>

Hello Andrew,

However, having to start up the Mandos server in order for the host to start up could defeat the purpose of Mandos itself, which is supposed to allow servers to start up autonomously, without human intervention.

Of course, you could always have your monitoring software detect the server failure or reboot and, as an action, trigger the startup of a Mandos VM. In this case, however, the Mandos server probably would not be full-disk encrypted (otherwise, it would need human intervention to start or another Mandos-server running somewhere), but maybe it would be possible to come up with an interesting setup to achieve this.

Best Regards,

--
Jonás Andradas
Skype: jontux
LinkedIn: http://www.linkedin.com/in/andradas
GPG Fingerprint: 678F 7BD0 83C3 28CE 9E8F 3F7F 4D87 9996 E0C6 9372
Keyservers: pgp.mit.edu | pgp.rediris.es

