Am Mittwoch, den 14.02.2018, 19:18 +0100 schrieb Môshe van der Sterre: > On 02/14/2018 02:21 PM, Benjamin Drung wrote: > > If the UEFI is as secure as storing an unencrypted file on a hard > > drive, I am satisfied. Or do you have a better idea where to store > > the > > SSH keys for a diskless system that boots via network? > > I assume it would be best to use TPM for this (if your systems have > TPM chips), it is designed for use-cases like this. Searching for > "tpm ssh keys" gives a decent amount of results. Mostly targeted at > user keys instead of server keys, so this might need some tinkering > to get working.
I check our systems. They just have TPM headers, but no TPM chips according to the user manual. The directory /sys/class/tpm/ is either empty or not existing. Adding TPM chips to all servers is no too expensive (to much man power required). So sadly, this is no option for us. -- Benjamin Drung System Developer Debian & Ubuntu Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Email: benjamin.dr...@profitbricks.com URL: https://www.profitbricks.de Sitz der Gesellschaft: Berlin Registergericht: Amtsgericht Charlottenburg, HRB 125506 B Geschäftsführer: Achim Weiss, Matthias Steinberg