-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Alkis, thank you very much for your reply. My answers are below:
On 02.06.2015 06:32, Alkis Georgopoulos wrote: > On 01/06/2015 11:03 μμ, Ivan Mincik wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> Dear LTSP developers, I am wondering if it is possible to setup >> encrypted NBD root device which I want to use in some other Open >> Source project. I have just found, that LTSP is using encrypted >> NBD, but only for swap device. Is there any technical reason, >> that it is not possible to do so for root device ? >> > > If the server is to encrypt something, and only specific (=LTSP) > clients to be able to decrypt it, then they need some special > information from the server, e.g. the server's private encryption > key or something. > How are you planning to deploy that to netbooted clients? They need > local storage for that... alternatively, the root file system > encryption can be based on the client's hardware specific > information, that is transferred securely to the server and used as > a seed to the server's private encryption key (multi-key > encryption). I was thinking that if we would use encrypted root, only system administrator would be able to boot client machines by manually entering password. Or, do you know any better solution ? > > For the swap partition it's not the same, it's the client itself > that formats + encrypts the swap partition, not the server. Thanks for explanation. - -- Ivan Minčík ivan.min...@gmail.com GPG: 0x79529A1E http://imincik.github.io/0x79529A1E.key ivan.min...@gista.sk GPG: 0xD714B02C http://imincik.github.io/0xD714B02C.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVbaMmAAoJEPfdLsR5UpoeoJQIAJCcn0hRngixxhi9H5qGY6Kx zB4UF0tI2qE5sckd9vlcV78L6G67aI/c3JhNstvOXMT06vA+dr0ugBnMHF+SRdz0 Xskwr/1Tv+ffdKZ8Be1BgfL6hGjcInS4RE0ZAIhjrn4dBBwGbIHBwJeLAmVp0l15 Aq+6zLrTDwkT/UtR5BkO2/jDVhDYhaoVoBdoLSuYPRYObKDxSAbkmFq2OQ9bszp4 Huh3JX24/kh0l8IJPiaCtzHOkYGZC3xlgdnfHcQX0A6p1NJsvziZaVgM45GXip63 0ONVIuNa9Y8KAjOzkqP05wQQNkcWTwLjKDdNx5h9mHMcKG3yFA+f7o1ul2gVRRc= =Lm18 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
