* [gentoo-user] Recovering root password
@ 2008-03-24 20:30 Grant
2008-03-24 20:34 ` Boris Fersing
` (4 more replies)
0 siblings, 5 replies; 39+ messages in thread
From: Grant @ 2008-03-24 20:30 UTC (permalink / raw
To: Gentoo mailing list
I've revived an old Gentoo laptop, but I've forgotten the root
password. I remember the password to my user account and I can log in
there fine. Can I recover the root password?
- Grant
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:30 [gentoo-user] Recovering root password Grant
@ 2008-03-24 20:34 ` Boris Fersing
2008-03-24 20:39 ` Dale
` (3 subsequent siblings)
4 siblings, 0 replies; 39+ messages in thread
From: Boris Fersing @ 2008-03-24 20:34 UTC (permalink / raw
To: gentoo-user
On Mon, Mar 24, 2008 at 4:30 PM, Grant <emailgrant@gmail.com> wrote:
> I've revived an old Gentoo laptop, but I've forgotten the root
> password. I remember the password to my user account and I can log in
> there fine. Can I recover the root password?
>
> - Grant
Hi,
boot with a liveCD, mount the gentoo partition, chroot into it and type 'passwd'
regards,
Boris.
> --
> gentoo-user@lists.gentoo.org mailing list
>
>
--
$ ruby -e'puts " .:@BFegiklnorst".unpack("x4ax7aaX6ax5aX15ax4aax6aaX7ax2 \
aX5aX8axaX3ax8aX4ax6aX3aX6ax3ax3aX9ax4ax2aX9axaX6ax3aX2ax4 \
ax3aX4aXaX12ax10aaX7a").join'
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:30 [gentoo-user] Recovering root password Grant
2008-03-24 20:34 ` Boris Fersing
@ 2008-03-24 20:39 ` Dale
2008-03-24 20:49 ` Florian Philipp
2008-03-24 20:40 ` Ricardo Saffi Marques
` (2 subsequent siblings)
4 siblings, 1 reply; 39+ messages in thread
From: Dale @ 2008-03-24 20:39 UTC (permalink / raw
To: gentoo-user
Grant wrote:
> I've revived an old Gentoo laptop, but I've forgotten the root
> password. I remember the password to my user account and I can log in
> there fine. Can I recover the root password?
>
> - Grant
>
I think you can boot into single user mode and reset it. You have to
put it on the end of the grub boot line but I can't recall what the
exact option is. May help you search tho.
You can also boot the CD and chroot in to reset it as well. I'm sure
that will work just as well.
Dale
:-) :-)
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:30 [gentoo-user] Recovering root password Grant
2008-03-24 20:34 ` Boris Fersing
2008-03-24 20:39 ` Dale
@ 2008-03-24 20:40 ` Ricardo Saffi Marques
2008-03-24 20:45 ` Steven Lembark
` (2 more replies)
2008-03-24 20:42 ` Alan McKinnon
2008-03-25 5:41 ` Uwe Thiem
4 siblings, 3 replies; 39+ messages in thread
From: Ricardo Saffi Marques @ 2008-03-24 20:40 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 841 bytes --]
On Mon, Mar 24, 2008 at 5:30 PM, Grant <emailgrant@gmail.com> wrote:
> I've revived an old Gentoo laptop, but I've forgotten the root
> password. I remember the password to my user account and I can log in
> there fine. Can I recover the root password?
On the grub menu, edit the entry of the system you want to boot and on the
kernel line, add "init=/bin/bash" without the quotes. Boot that modded boot
instructions sequence. After kernel loads, you'll have a bash. Type: "mount
-o rw,remount /"
Then type "passwd", put the new root pwd. Remount the partition read-only:
"mount -o ro,remount /" and reboot. Done!
--
Ricardo Saffi Marques
Laboratório de Administração e Segurança de Sistemas (LAS/IC)
Universidade Estadual de Campinas (UNICAMP)
Cell: +55 (19) 8128-0435
Skype: ricardo_saffi_marques
Website: http://www.rsaffi.com
[-- Attachment #2: Type: text/html, Size: 1206 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:30 [gentoo-user] Recovering root password Grant
` (2 preceding siblings ...)
2008-03-24 20:40 ` Ricardo Saffi Marques
@ 2008-03-24 20:42 ` Alan McKinnon
2008-03-25 5:41 ` Uwe Thiem
4 siblings, 0 replies; 39+ messages in thread
From: Alan McKinnon @ 2008-03-24 20:42 UTC (permalink / raw
To: gentoo-user
On Monday 24 March 2008, Grant wrote:
> I've revived an old Gentoo laptop, but I've forgotten the root
> password. I remember the password to my user account and I can log
> in there fine. Can I recover the root password?
No, that would require undoing high-quality encryption schemes. Which is
a good thing, otherwise your internet banking couldn't be safe (amongst
other similar evils)
What you can do is replace the root password with something else:
Boot from any old LiveCD, mount your gentoo partitions somewhere, chroot
into them as root and run 'passwd'
If this sounds familiar, it's because it's the same process you used to
install Gentoo in the first place :-)
--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:40 ` Ricardo Saffi Marques
@ 2008-03-24 20:45 ` Steven Lembark
2008-03-24 20:49 ` Ricardo Saffi Marques
2008-03-25 7:12 ` Dirk Heinrichs
2008-03-24 21:57 ` Neil Bothwick
2008-03-25 0:14 ` Grant
2 siblings, 2 replies; 39+ messages in thread
From: Steven Lembark @ 2008-03-24 20:45 UTC (permalink / raw
To: gentoo-user
> On the grub menu, edit the entry of the system you want to boot and on the
> kernel line, add "init=/bin/bash" without the quotes. Boot that modded boot
> instructions sequence. After kernel loads, you'll have a bash. Type: "mount
> -o rw,remount /"
Make sure that your bash is statically linked,
otherwise you can run into problems with this
approach. It's acutally a good idea to keep
a static bash and just put this into grub as
the 'shell-init' or 'aaaargh' entry
(it's in their example config).
--
Steven Lembark +1 888 359 3508
Workhorse Computing 85-09 90th St
lembark@wrkhors.com Woodhaven, NY 11421
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:39 ` Dale
@ 2008-03-24 20:49 ` Florian Philipp
0 siblings, 0 replies; 39+ messages in thread
From: Florian Philipp @ 2008-03-24 20:49 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 854 bytes --]
On Mon, 2008-03-24 at 15:39 -0500, Dale wrote:
> Grant wrote:
> > I've revived an old Gentoo laptop, but I've forgotten the root
> > password. I remember the password to my user account and I can log in
> > there fine. Can I recover the root password?
> >
> > - Grant
> >
>
> I think you can boot into single user mode and reset it. You have to
> put it on the end of the grub boot line but I can't recall what the
> exact option is. May help you search tho.
>
> You can also boot the CD and chroot in to reset it as well. I'm sure
> that will work just as well.
>
> Dale
>
> :-) :-)
The option is "single" but it won't help because it requests the root
password before it gives you your /bin/bash.
Anyway, if you have sudo-rights, you can simply do "sudo passwd" and it
won't ask you for the old password.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:45 ` Steven Lembark
@ 2008-03-24 20:49 ` Ricardo Saffi Marques
2008-03-25 7:12 ` Dirk Heinrichs
1 sibling, 0 replies; 39+ messages in thread
From: Ricardo Saffi Marques @ 2008-03-24 20:49 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 542 bytes --]
On Mon, Mar 24, 2008 at 5:45 PM, Steven Lembark <lembark@wrkhors.com> wrote:
> It's acutally a good idea to keep a static bash and just put this into
> grub as the 'shell-init' or 'aaaargh' entry (it's in their example config).
That's what I do, at least. ;)
I have that boot entry for cases like that (or worse :-))
--
Ricardo Saffi Marques
Laboratório de Administração e Segurança de Sistemas (LAS/IC)
Universidade Estadual de Campinas (UNICAMP)
Cell: +55 (19) 8128-0435
Skype: ricardo_saffi_marques
Website: http://www.rsaffi.com
[-- Attachment #2: Type: text/html, Size: 862 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:40 ` Ricardo Saffi Marques
2008-03-24 20:45 ` Steven Lembark
@ 2008-03-24 21:57 ` Neil Bothwick
2008-03-24 23:52 ` Steven Lembark
2008-03-25 0:14 ` Grant
2 siblings, 1 reply; 39+ messages in thread
From: Neil Bothwick @ 2008-03-24 21:57 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 701 bytes --]
On Mon, 24 Mar 2008 17:40:13 -0300, Ricardo Saffi Marques wrote:
> On the grub menu, edit the entry of the system you want to boot and on
> the kernel line, add "init=/bin/bash" without the quotes. Boot that
> modded boot instructions sequence. After kernel loads, you'll have a
> bash. Type: "mount -o rw,remount /"
Or just add "rw init=/bin/sh" to avoid remounting /.
It's probably better to use a shell designed for rescue work,
like sash or busybox instead of bash, especially if /usr is on a
separate filesystem.
--
Neil Bothwick
"We are Microsoft of Borg. Prepare to...."
The application "assimilation" has caused a General Protection Fault
and must exit immediately.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 21:57 ` Neil Bothwick
@ 2008-03-24 23:52 ` Steven Lembark
0 siblings, 0 replies; 39+ messages in thread
From: Steven Lembark @ 2008-03-24 23:52 UTC (permalink / raw
To: gentoo-user
> It's probably better to use a shell designed for rescue work,
> like sash or busybox instead of bash, especially if /usr is on a
> separate filesystem.
The statically linked bash acutally works rather
well for this. The main advantage I've found
using it for recovery situations is that I'm
used to it: sourceing root's .bash_profile is
enough to give a familiar environment.
--
Steven Lembark +1 888 359 3508
Workhorse Computing 85-09 90th St
lembark@wrkhors.com Woodhaven, NY 11421
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:40 ` Ricardo Saffi Marques
2008-03-24 20:45 ` Steven Lembark
2008-03-24 21:57 ` Neil Bothwick
@ 2008-03-25 0:14 ` Grant
2 siblings, 0 replies; 39+ messages in thread
From: Grant @ 2008-03-25 0:14 UTC (permalink / raw
To: gentoo-user
> > I've revived an old Gentoo laptop, but I've forgotten the root
> > password. I remember the password to my user account and I can log in
> > there fine. Can I recover the root password?
>
> On the grub menu, edit the entry of the system you want to boot and on the
> kernel line, add "init=/bin/bash" without the quotes. Boot that modded boot
> instructions sequence. After kernel loads, you'll have a bash. Type: "mount
> -o rw,remount /"
> Then type "passwd", put the new root pwd. Remount the partition read-only:
> "mount -o ro,remount /" and reboot. Done!
Done deal, thanks everyone.
- Grant
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:30 [gentoo-user] Recovering root password Grant
` (3 preceding siblings ...)
2008-03-24 20:42 ` Alan McKinnon
@ 2008-03-25 5:41 ` Uwe Thiem
2008-03-25 8:03 ` Liviu Andronic
4 siblings, 1 reply; 39+ messages in thread
From: Uwe Thiem @ 2008-03-25 5:41 UTC (permalink / raw
To: gentoo-user
On Monday 24 March 2008, Grant wrote:
> I've revived an old Gentoo laptop, but I've forgotten the root
> password. I remember the password to my user account and I can log
> in there fine. Can I recover the root password?
If you could passwords were useless. ;-)
But you can boot from a LiveCD, mount your harddrive, chroot and then
give root another password.
Uwe
--
Informal Linux Group Namibia:
http://www.linux.org.na/
SysEx (Pty) Ltd.:
http://www.SysEx.com.na/
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-24 20:45 ` Steven Lembark
2008-03-24 20:49 ` Ricardo Saffi Marques
@ 2008-03-25 7:12 ` Dirk Heinrichs
1 sibling, 0 replies; 39+ messages in thread
From: Dirk Heinrichs @ 2008-03-25 7:12 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 855 bytes --]
Am Montag, 24. März 2008 schrieb ext Steven Lembark:
> Make sure that your bash is statically linked,
> otherwise you can run into problems with this
> approach.
# ldd /bin/bash
linux-gate.so.1 => (0xb7f2a000)
libncurses.so.5 => /lib/libncurses.so.5 (0xb7ec7000)
libdl.so.2 => /lib/libdl.so.2 (0xb7ec3000)
libc.so.6 => /lib/libc.so.6 (0xb7d6b000)
/lib/ld-linux.so.2 (0xb7f2b000)
No need for a static bash, since everything it needs is in /lib.
Bye...
Dirk
--
Dirk Heinrichs | Tel: +49 (0)162 234 3408
Configuration Manager | Fax: +49 (0)211 47068 111
Capgemini Deutschland | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68 | Web: http://www.capgemini.com
D-40468 Düsseldorf | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 5:41 ` Uwe Thiem
@ 2008-03-25 8:03 ` Liviu Andronic
2008-03-25 8:09 ` Dirk Heinrichs
` (3 more replies)
0 siblings, 4 replies; 39+ messages in thread
From: Liviu Andronic @ 2008-03-25 8:03 UTC (permalink / raw
To: gentoo-user
On Tue, Mar 25, 2008 at 6:41 AM, Uwe Thiem <uwix@iway.na> wrote:
> > I've revived an old Gentoo laptop, but I've forgotten the root
> > password. I remember the password to my user account and I can log
> > in there fine. Can I recover the root password?
>
> If you could passwords were useless. ;-)
>
> But you can boot from a LiveCD, mount your harddrive, chroot and then
> give root another password.
But then, conventional passwords are as useless. One needs no more
than physical access to the computer, a LiveCD and a couple minutes in
order to become the super user of your system. Basically, the password
seems useful only to know whether anyone has changed it behind your
back.
I am starting to wonder why am I so attached to my root password being
strong.. :)
Liviu
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 8:03 ` Liviu Andronic
@ 2008-03-25 8:09 ` Dirk Heinrichs
2008-03-25 8:25 ` Alan McKinnon
` (2 subsequent siblings)
3 siblings, 0 replies; 39+ messages in thread
From: Dirk Heinrichs @ 2008-03-25 8:09 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1428 bytes --]
Am Dienstag, 25. März 2008 schrieb ext Liviu Andronic:
> On Tue, Mar 25, 2008 at 6:41 AM, Uwe Thiem <uwix@iway.na> wrote:
> > > I've revived an old Gentoo laptop, but I've forgotten the root
> > >
> > > password. I remember the password to my user account and I can log
> > > in there fine. Can I recover the root password?
> >
> > If you could passwords were useless. ;-)
> >
> > But you can boot from a LiveCD, mount your harddrive, chroot and then
> > give root another password.
>
> But then, conventional passwords are as useless. One needs no more
> than physical access to the computer, a LiveCD and a couple minutes in
> order to become the super user of your system. Basically, the password
> seems useful only to know whether anyone has changed it behind your
> back.
That's only true if you didn't do anything else to protect the system. All
the above is useless if the / filesystem is encrypted.
> I am starting to wonder why am I so attached to my root password being
> strong.. :)
Because it protects your system from abuse.
Bye...
Dirk
--
Dirk Heinrichs | Tel: +49 (0)162 234 3408
Configuration Manager | Fax: +49 (0)211 47068 111
Capgemini Deutschland | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68 | Web: http://www.capgemini.com
D-40468 Düsseldorf | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 8:03 ` Liviu Andronic
2008-03-25 8:09 ` Dirk Heinrichs
@ 2008-03-25 8:25 ` Alan McKinnon
2008-03-25 8:32 ` Dirk Heinrichs
2008-03-25 9:12 ` Neil Bothwick
2008-03-25 8:30 ` Wael Nasreddine
2008-03-25 17:51 ` Steven Lembark
3 siblings, 2 replies; 39+ messages in thread
From: Alan McKinnon @ 2008-03-25 8:25 UTC (permalink / raw
To: gentoo-user
On Tuesday 25 March 2008, Liviu Andronic wrote:
> > But you can boot from a LiveCD, mount your harddrive, chroot and
> > then give root another password.
>
> But then, conventional passwords are as useless. One needs no more
> than physical access to the computer, a LiveCD and a couple minutes
> in order to become the super user of your system. Basically, the
> password seems useful only to know whether anyone has changed it
> behind your back.
Let me guess - you own a notebook and most of your exposure to running a
computer is limited to that, and you have never administered a real
server somewhere, right?
It's very very easy to keep your servers safe from physical access
attacks - make sure the bad guys can't touch it. This is so easy to do
it's laughable - we use a locked door. The only people who have a key
are those who have to root password anyway.
On a notebook, there isn't an OS in existence that is immune to a
LiveCD. If this concerns you, apply some biometrics and encrypted
filesystem patches. Or stop using notebooks. Or stop using computers
that someone else can touch.
--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 8:03 ` Liviu Andronic
2008-03-25 8:09 ` Dirk Heinrichs
2008-03-25 8:25 ` Alan McKinnon
@ 2008-03-25 8:30 ` Wael Nasreddine
2008-03-25 17:23 ` Mick
2008-03-25 17:51 ` Steven Lembark
3 siblings, 1 reply; 39+ messages in thread
From: Wael Nasreddine @ 2008-03-25 8:30 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1177 bytes --]
This One Time, at Band Camp, Liviu Andronic <landronimirc@gmail.com> said, On Tue, Mar 25, 2008 at 09:03:29AM +0100:
> > But you can boot from a LiveCD, mount your harddrive, chroot and then
> > give root another password.
> But then, conventional passwords are as useless. One needs no more
> than physical access to the computer, a LiveCD and a couple minutes in
> order to become the super user of your system. Basically, the password
> seems useful only to know whether anyone has changed it behind your
> back.
> I am starting to wonder why am I so attached to my root password being
> strong.. :)
> Liviu
That's why I have my entire installation over a DM-CRYPT ( LUKS
encrypted partition... ), including swaps and storage ( LVM over
DM-CRYPT actually), this way even if someone had a physical access to
my laptop, both GRUB and LiveCD approach would be useless...
--
Wael Nasreddine
http://wael.nasreddine.com
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2
/ö\ Son, this is the only time I'm ever gonna say this. It is not okay to
/ö\ lose.
/ö\
/ö\ -- Homer Simpson
/ö\ Dead Putting Society
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 8:25 ` Alan McKinnon
@ 2008-03-25 8:32 ` Dirk Heinrichs
2008-03-25 15:28 ` Alan McKinnon
2008-03-25 9:12 ` Neil Bothwick
1 sibling, 1 reply; 39+ messages in thread
From: Dirk Heinrichs @ 2008-03-25 8:32 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 632 bytes --]
Am Dienstag, 25. März 2008 schrieb ext Alan McKinnon:
> On a notebook, there isn't an OS in existence that is immune to a
> LiveCD.
Linux is. In the sense that you can't get at the data if the disc is
encrypted, even not with a LiveCD. You can only destroy/overwrite it.
Bye...
Dirk
--
Dirk Heinrichs | Tel: +49 (0)162 234 3408
Configuration Manager | Fax: +49 (0)211 47068 111
Capgemini Deutschland | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68 | Web: http://www.capgemini.com
D-40468 Düsseldorf | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 8:25 ` Alan McKinnon
2008-03-25 8:32 ` Dirk Heinrichs
@ 2008-03-25 9:12 ` Neil Bothwick
2008-03-25 12:08 ` Liviu Andronic
1 sibling, 1 reply; 39+ messages in thread
From: Neil Bothwick @ 2008-03-25 9:12 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 652 bytes --]
On Tue, 25 Mar 2008 10:25:17 +0200, Alan McKinnon wrote:
> On a notebook, there isn't an OS in existence that is immune to a
> LiveCD. If this concerns you, apply some biometrics and encrypted
> filesystem patches. Or stop using notebooks. Or stop using computers
> that someone else can touch.
Or disable booting from the optical drive (or remove it completely) and
set a password in the BIOS. This is one of the few areas in which a
laptop has an advantage, you can't just pope the side off the case and
flip a jumper to reset the BIOS.
--
Neil Bothwick
WinErr 003: Dynamic linking error - Your mistake is now in every file
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 9:12 ` Neil Bothwick
@ 2008-03-25 12:08 ` Liviu Andronic
2008-03-25 14:44 ` Neil Bothwick
0 siblings, 1 reply; 39+ messages in thread
From: Liviu Andronic @ 2008-03-25 12:08 UTC (permalink / raw
To: gentoo-user
On Tue, Mar 25, 2008 at 10:12 AM, Neil Bothwick <neil@digimed.co.uk> wrote:
> Or disable booting from the optical drive (or remove it completely) and
> set a password in the BIOS. This is one of the few areas in which a
> laptop has an advantage, you can't just pope the side off the case and
> flip a jumper to reset the BIOS.
>
I'd say the BIOS is not much of a security enforcer. Even with the
BIOS password protected, one can plug out the hardrive, connect to
another system and get access to all the data. It might need more time
than a LiveCD approach, it would be as efficient. As Alan and Wael
suggested, the approaches that can work in protecting your data are a
physical key to a locked door or a root encrypted system.
Liviu
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 12:08 ` Liviu Andronic
@ 2008-03-25 14:44 ` Neil Bothwick
2008-03-25 17:53 ` Steven Lembark
0 siblings, 1 reply; 39+ messages in thread
From: Neil Bothwick @ 2008-03-25 14:44 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 827 bytes --]
On Tue, 25 Mar 2008 13:08:04 +0100, Liviu Andronic wrote:
> I'd say the BIOS is not much of a security enforcer. Even with the
> BIOS password protected, one can plug out the hardrive, connect to
> another system and get access to all the data. It might need more time
> than a LiveCD approach, it would be as efficient. As Alan and Wael
> suggested, the approaches that can work in protecting your data are a
> physical key to a locked door or a root encrypted system.
If it is possible to have sufficient access to be able to remove the hard
drive, then an encrypted filesystem is essential. Any computer that isn't
nailed down behind a locked door should have this, unless it contains and
has access to absolutely nothing of value.
--
Neil Bothwick
I'll try being nicer if you'll try being smarter.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 8:32 ` Dirk Heinrichs
@ 2008-03-25 15:28 ` Alan McKinnon
2008-03-25 16:32 ` Grant
0 siblings, 1 reply; 39+ messages in thread
From: Alan McKinnon @ 2008-03-25 15:28 UTC (permalink / raw
To: gentoo-user
On Tuesday 25 March 2008, Dirk Heinrichs wrote:
> Am Dienstag, 25. März 2008 schrieb ext Alan McKinnon:
> > On a notebook, there isn't an OS in existence that is immune to a
> > LiveCD.
>
> Linux is. In the sense that you can't get at the data if the disc is
> encrypted, even not with a LiveCD. You can only destroy/overwrite it.
Yes, I realised that when typing the original, but left it as is - too
many IF conditionals would be needed to be accurate and English is
almost useless at getting IFs to parse correctly :-)
Passwords come from a time when users had terminals that log onto
machines that are somewhere else and the user can't lay a finger on
them. Things have indeed changed since 1978
--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 15:28 ` Alan McKinnon
@ 2008-03-25 16:32 ` Grant
2008-03-25 17:04 ` Uwe Thiem
` (2 more replies)
0 siblings, 3 replies; 39+ messages in thread
From: Grant @ 2008-03-25 16:32 UTC (permalink / raw
To: gentoo-user
> > > On a notebook, there isn't an OS in existence that is immune to a
> > > LiveCD.
> >
> > Linux is. In the sense that you can't get at the data if the disc is
> > encrypted, even not with a LiveCD. You can only destroy/overwrite it.
>
> Yes, I realised that when typing the original, but left it as is - too
> many IF conditionals would be needed to be accurate and English is
> almost useless at getting IFs to parse correctly :-)
>
> Passwords come from a time when users had terminals that log onto
> machines that are somewhere else and the user can't lay a finger on
> them. Things have indeed changed since 1978
Would the type of filesystem encryption you guys are talking about be
unsuitable for a high-traffic server because of performance
considerations?
- Grant
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 16:32 ` Grant
@ 2008-03-25 17:04 ` Uwe Thiem
2008-03-25 17:26 ` Grant
2008-03-26 8:07 ` [gentoo-user] " Dirk Heinrichs
2008-03-25 17:14 ` Florian Philipp
2008-03-25 17:55 ` Steven Lembark
2 siblings, 2 replies; 39+ messages in thread
From: Uwe Thiem @ 2008-03-25 17:04 UTC (permalink / raw
To: gentoo-user
On Tuesday 25 March 2008, Grant wrote:
> > > > On a notebook, there isn't an OS in existence that is immune
> > > > to a LiveCD.
> > >
> > > Linux is. In the sense that you can't get at the data if the
> > > disc is encrypted, even not with a LiveCD. You can only
> > > destroy/overwrite it.
> >
> > Yes, I realised that when typing the original, but left it as is
> > - too many IF conditionals would be needed to be accurate and
> > English is almost useless at getting IFs to parse correctly :-)
> >
> > Passwords come from a time when users had terminals that log
> > onto machines that are somewhere else and the user can't lay a
> > finger on them. Things have indeed changed since 1978
>
> Would the type of filesystem encryption you guys are talking about
> be unsuitable for a high-traffic server because of performance
> considerations?
Yes, and it isn't necessary. You lock your servers away so that nobody
has physical access to them.
It's only interesting for workstations, laptops and external storage
devices.
Uwe
--
Informal Linux Group Namibia:
http://www.linux.org.na/
SysEx (Pty) Ltd.:
http://www.SysEx.com.na/
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 16:32 ` Grant
2008-03-25 17:04 ` Uwe Thiem
@ 2008-03-25 17:14 ` Florian Philipp
2008-03-25 17:55 ` Steven Lembark
2 siblings, 0 replies; 39+ messages in thread
From: Florian Philipp @ 2008-03-25 17:14 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1330 bytes --]
On Tue, 2008-03-25 at 09:32 -0700, Grant wrote:
> > > > On a notebook, there isn't an OS in existence that is immune to a
> > > > LiveCD.
> > >
> > > Linux is. In the sense that you can't get at the data if the disc is
> > > encrypted, even not with a LiveCD. You can only destroy/overwrite it.
> >
> > Yes, I realised that when typing the original, but left it as is - too
> > many IF conditionals would be needed to be accurate and English is
> > almost useless at getting IFs to parse correctly :-)
> >
> > Passwords come from a time when users had terminals that log onto
> > machines that are somewhere else and the user can't lay a finger on
> > them. Things have indeed changed since 1978
>
> Would the type of filesystem encryption you guys are talking about be
> unsuitable for a high-traffic server because of performance
> considerations?
>
> - Grant
I did some benchmarks recently, posted them on gentoo-security. Long
story short: Even my 64bit single-core Celeron can do 256bit AES, 320bit
Anubis or 256bit Twofish faster than writing data to the disk (37MB/s).
Blowfish, CAST and Serpent are too slow.
128bit AES (which I deem good enough for the near future) causes around
40% CPU-utilization.
Whether it is suitable for your server depends on its usage patterns.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 8:30 ` Wael Nasreddine
@ 2008-03-25 17:23 ` Mick
2008-03-25 20:02 ` Wael Nasreddine
0 siblings, 1 reply; 39+ messages in thread
From: Mick @ 2008-03-25 17:23 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1616 bytes --]
On Tuesday 25 March 2008, Wael Nasreddine wrote:
> This One Time, at Band Camp, Liviu Andronic <landronimirc@gmail.com> said,
On Tue, Mar 25, 2008 at 09:03:29AM +0100:
> > > But you can boot from a LiveCD, mount your harddrive, chroot and then
> > > give root another password.
> >
> > But then, conventional passwords are as useless. One needs no more
> > than physical access to the computer, a LiveCD and a couple minutes in
> > order to become the super user of your system. Basically, the password
> > seems useful only to know whether anyone has changed it behind your
> > back.
> >
> > I am starting to wonder why am I so attached to my root password being
> > strong.. :)
> > Liviu
>
> That's why I have my entire installation over a DM-CRYPT ( LUKS
> encrypted partition... ), including swaps and storage ( LVM over
> DM-CRYPT actually), this way even if someone had a physical access to
> my laptop, both GRUB and LiveCD approach would be useless...
I've thought about going for this . . . and then backpedaled once more. Every
time I had a fs problem I have managed to recover to this date without much
trouble. Vanilla primary and extended partitions seem to be straight forward
to access with any LiveCD. To be honest even when I had to frig about with
LVM I managed to recover without loss of data (more out of luck than skill I
suspect). The thought however, that I may lose my private key (never say
never), or lose a drive and need to access my data pronto from a back up
makes me somewhat nervous. Should I be more brave that this?
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 17:04 ` Uwe Thiem
@ 2008-03-25 17:26 ` Grant
2008-03-25 21:28 ` [gentoo-user] " Michael Schmarck
2008-03-26 8:07 ` [gentoo-user] " Dirk Heinrichs
1 sibling, 1 reply; 39+ messages in thread
From: Grant @ 2008-03-25 17:26 UTC (permalink / raw
To: gentoo-user
> > > > > On a notebook, there isn't an OS in existence that is immune
> > > > > to a LiveCD.
> > > >
> > > > Linux is. In the sense that you can't get at the data if the
> > > > disc is encrypted, even not with a LiveCD. You can only
> > > > destroy/overwrite it.
> > >
> > > Yes, I realised that when typing the original, but left it as is
> > > - too many IF conditionals would be needed to be accurate and
> > > English is almost useless at getting IFs to parse correctly :-)
> > >
> > > Passwords come from a time when users had terminals that log
> > > onto machines that are somewhere else and the user can't lay a
> > > finger on them. Things have indeed changed since 1978
> >
> > Would the type of filesystem encryption you guys are talking about
> > be unsuitable for a high-traffic server because of performance
> > considerations?
>
> Yes, and it isn't necessary. You lock your servers away so that nobody
> has physical access to them.
Sounds like co-location right? I just have a hosted dedicated
machine. The thing that's always kept me from co-locating is hardware
failure. That would be a "my problem" in a co-located environment
rather than a "their problem" right?
- Grant
> It's only interesting for workstations, laptops and external storage
> devices.
>
>
> Uwe
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 8:03 ` Liviu Andronic
` (2 preceding siblings ...)
2008-03-25 8:30 ` Wael Nasreddine
@ 2008-03-25 17:51 ` Steven Lembark
3 siblings, 0 replies; 39+ messages in thread
From: Steven Lembark @ 2008-03-25 17:51 UTC (permalink / raw
To: gentoo-user
> I am starting to wonder why am I so attached to my root password being
> strong.. :)
Becuase I can crack a simple password from outside
of the box. Hacking in w/ a CD or the init=blah
approach requires physical access and a reboot,
both of which are fairly noticable and preventable.
--
Steven Lembark +1 888 359 3508
Workhorse Computing 85-09 90th St
lembark@wrkhors.com Woodhaven, NY 11421
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 14:44 ` Neil Bothwick
@ 2008-03-25 17:53 ` Steven Lembark
2008-03-25 18:02 ` Dirk Heinrichs
2008-03-25 19:23 ` Neil Bothwick
0 siblings, 2 replies; 39+ messages in thread
From: Steven Lembark @ 2008-03-25 17:53 UTC (permalink / raw
To: gentoo-user
> If it is possible to have sufficient access to be able to remove the hard
> drive, then an encrypted filesystem is essential. Any computer that isn't
> nailed down behind a locked door should have this, unless it contains and
> has access to absolutely nothing of value.
Which setup does anyone out there use for the encfs?
--
Steven Lembark +1 888 359 3508
Workhorse Computing 85-09 90th St
lembark@wrkhors.com Woodhaven, NY 11421
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 16:32 ` Grant
2008-03-25 17:04 ` Uwe Thiem
2008-03-25 17:14 ` Florian Philipp
@ 2008-03-25 17:55 ` Steven Lembark
2008-03-25 19:12 ` Alan McKinnon
2 siblings, 1 reply; 39+ messages in thread
From: Steven Lembark @ 2008-03-25 17:55 UTC (permalink / raw
To: gentoo-user
>> them. Things have indeed changed since 1978
Unless you include the time in 1972 that some of
my friends broke into the computer room, hacked
the PDP-11, and inserted "Panther, Pink" into
every class in the highschool.
They have remained hugely the same :-)
--
Steven Lembark +1 888 359 3508
Workhorse Computing 85-09 90th St
lembark@wrkhors.com Woodhaven, NY 11421
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 17:53 ` Steven Lembark
@ 2008-03-25 18:02 ` Dirk Heinrichs
2008-03-25 20:06 ` Wael Nasreddine
2008-03-25 19:23 ` Neil Bothwick
1 sibling, 1 reply; 39+ messages in thread
From: Dirk Heinrichs @ 2008-03-25 18:02 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 563 bytes --]
Am Dienstag, 25. März 2008 schrieb Steven Lembark:
> > If it is possible to have sufficient access to be able to remove the
> > hard drive, then an encrypted filesystem is essential. Any computer that
> > isn't nailed down behind a locked door should have this, unless it
> > contains and has access to absolutely nothing of value.
>
> Which setup does anyone out there use for the encfs?
I use LUKS encrypted logical volumes. Root fs is encrypted with a password,
all other volumes are encrypted with a keyfile located on /.
Bye...
Dirk
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 17:55 ` Steven Lembark
@ 2008-03-25 19:12 ` Alan McKinnon
0 siblings, 0 replies; 39+ messages in thread
From: Alan McKinnon @ 2008-03-25 19:12 UTC (permalink / raw
To: gentoo-user
On Tuesday 25 March 2008, Steven Lembark wrote:
> >> them. Things have indeed changed since 1978
>
> Unless you include the time in 1972 that some of
> my friends broke into the computer room, hacked
> the PDP-11, and inserted "Panther, Pink" into
> every class in the highschool.
>
> They have remained hugely the same :-)
I stand corrected :-)
The technology and what people are supposed to do with computers has
changed a lot.
What wise-ass kids DO do with them has stayed exactly the same.
Sidenote: I'll expect that most of those same hacker kids are now
well-respected and competent IT professionals, right? That also hasn't
changed much over the years...
--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 17:53 ` Steven Lembark
2008-03-25 18:02 ` Dirk Heinrichs
@ 2008-03-25 19:23 ` Neil Bothwick
1 sibling, 0 replies; 39+ messages in thread
From: Neil Bothwick @ 2008-03-25 19:23 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 226 bytes --]
On Tue, 25 Mar 2008 13:53:24 -0400, Steven Lembark wrote:
> Which setup does anyone out there use for the encfs?
I use LUKS too.
--
Neil Bothwick
Eagles may soar, but Wombles don't get sucked into jet engines
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 17:23 ` Mick
@ 2008-03-25 20:02 ` Wael Nasreddine
0 siblings, 0 replies; 39+ messages in thread
From: Wael Nasreddine @ 2008-03-25 20:02 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 3174 bytes --]
This One Time, at Band Camp, Mick <michaelkintzios@gmail.com> said, On Tue, Mar 25, 2008 at 05:23:00PM +0000:
> > That's why I have my entire installation over a DM-CRYPT ( LUKS
> > encrypted partition... ), including swaps and storage ( LVM over
> > DM-CRYPT actually), this way even if someone had a physical access to
> > my laptop, both GRUB and LiveCD approach would be useless...
> I've thought about going for this . . . and then backpedaled once more. Every
> time I had a fs problem I have managed to recover to this date without much
> trouble. Vanilla primary and extended partitions seem to be straight forward
> to access with any LiveCD. To be honest even when I had to frig about with
> LVM I managed to recover without loss of data (more out of luck than skill I
> suspect). The thought however, that I may lose my private key (never say
> never), or lose a drive and need to access my data pronto from a back up
> makes me somewhat nervous. Should I be more brave that this?
Well it depends... First of all you should know that almost every LiveCD
now include a cryptsetup/lvm implementation, Gentoo does, Ubuntu does
( not as is though you should apt-get cryptsetyp, AFAIK lvm already
installed), so recovering data would not be that hard if you can open
the partition... As for loosing the key, that's easy too, here's what
I do: I create a small file from /dev/urandom and I use it as pass key
SLOT, and store it somewhere safe, so if and when I forget all of the
passwords I have, I use this key, it is safe.
Anyway as I said above it actually depends, using dm-crypt will lower
the performance of your machine which actually make sense since the
data are encrypted before they are written to the disk (AFAIK I'm not
really sure how it handles I/O operations, but I'm sure that writing a
huge file to your HDD will result in a lot of CPU usage of the process
'kcryptd'), but using dm-crypt is very very secure, I use it because
my laptop is with me every day when I go to the university so I need
this kind of security... On the other hand if you don't need
encryption, maybe you should stick with LVM... (LVM is a must checkout
my partitions below, I love it...)
--------- CUT
# lvdisplay -C
LV VG Attr LSize Origin Snap% Move Log Copy% Convert
gentoo-opt system -wi-ao 1.00G
gentoo-overlays system -wi-ao 1.00G
gentoo-root system -wi-ao 500.00M
gentoo-usr system -wi-ao 5.00G
gentoo-var system -wi-ao 500.00M
home system -wi-ao 15.00G
storage system -wi-ao 50.66G
suspend-swap system -wi-a- 1.00G
swap system -wi-ao 2.00G
tmp system -wi-ao 500.00M
ubuntu-opt system -wi-ao 1.00G
ubuntu-root system -wi-ao 500.00M
ubuntu-usr system -wi-ao 3.50G
ubuntu-var system -wi-ao 500.00M
var-tmp system -wi-ao 100.00M
--------- CUT
Regards,
--
Wael Nasreddine
http://wael.nasreddine.com
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2
/ö\
/ö\ When Chuck Norris wants an egg, he cracks open a chicken.
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 18:02 ` Dirk Heinrichs
@ 2008-03-25 20:06 ` Wael Nasreddine
2008-03-26 7:59 ` Dirk Heinrichs
0 siblings, 1 reply; 39+ messages in thread
From: Wael Nasreddine @ 2008-03-25 20:06 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 657 bytes --]
This One Time, at Band Camp, Dirk Heinrichs <dirk.heinrichs@online.de> said, On Tue, Mar 25, 2008 at 07:02:59PM +0100:
> I use LUKS encrypted logical volumes. Root fs is encrypted with a password,
> all other volumes are encrypted with a keyfile located on /.
Why not encrypt a big fat partition and then have an LVM array over it
for all your partitions including swap ?? Suspend2 will work with this
setup just in case you are wondering.
--
Wael Nasreddine
http://wael.nasreddine.com
PGP: 1024D/C8DD18A2 06F6 1622 4BC8 4CEB D724 DE12 5565 3945 C8DD 18A2
/ö\ Slug: Peep it! The sun's already risin'. We're gonna have to blow this joint.
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* [gentoo-user] Re: Recovering root password
2008-03-25 17:26 ` Grant
@ 2008-03-25 21:28 ` Michael Schmarck
0 siblings, 0 replies; 39+ messages in thread
From: Michael Schmarck @ 2008-03-25 21:28 UTC (permalink / raw
To: gentoo-user
Hi.
Grant <emailgrant <at> gmail.com> writes:
> > > Would the type of filesystem encryption you guys are talking about
> > > be unsuitable for a high-traffic server because of performance
> > > considerations?
> >
> > Yes, and it isn't necessary. You lock your servers away so that nobody
> > has physical access to them.
I'd rather say: "... so that only trusted people have ...". But besides
this nitpick, I agree with you.
>
> Sounds like co-location right?
No. Sounds like "build your own data center" :)
> I just have a hosted dedicated
> machine.
This means that you've got to trust the people hosting your
environment. If you don't, then move away! You know, they
could "easily" install a traffic sniffers and whatnot.
> The thing that's always kept me from co-locating is hardware
> failure. That would be a "my problem" in a co-located environment
> rather than a "their problem" right?
Depends on your contract, but generally speaking, you're right, yes.
Michael
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 20:06 ` Wael Nasreddine
@ 2008-03-26 7:59 ` Dirk Heinrichs
0 siblings, 0 replies; 39+ messages in thread
From: Dirk Heinrichs @ 2008-03-26 7:59 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 938 bytes --]
Am Dienstag, 25. März 2008 schrieb ext Wael Nasreddine:
> This One Time, at Band Camp, Dirk Heinrichs <dirk.heinrichs@online.de>
said, On Tue, Mar 25, 2008 at 07:02:59PM +0100:
> > I use LUKS encrypted logical volumes. Root fs is encrypted with a
> > password, all other volumes are encrypted with a keyfile located on /.
>
> Why not encrypt a big fat partition and then have an LVM array over it
> for all your partitions including swap ??
Hmm, could do it this way also, yes.
> Suspend2 will work with this
> setup just in case you are wondering.
I don't use it.
Bye...
Dirk
--
Dirk Heinrichs | Tel: +49 (0)162 234 3408
Configuration Manager | Fax: +49 (0)211 47068 111
Capgemini Deutschland | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68 | Web: http://www.capgemini.com
D-40468 Düsseldorf | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-25 17:04 ` Uwe Thiem
2008-03-25 17:26 ` Grant
@ 2008-03-26 8:07 ` Dirk Heinrichs
2008-03-26 10:04 ` Uwe Thiem
1 sibling, 1 reply; 39+ messages in thread
From: Dirk Heinrichs @ 2008-03-26 8:07 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 823 bytes --]
Am Dienstag, 25. März 2008 schrieb ext Uwe Thiem:
> On Tuesday 25 March 2008, Grant wrote:
> >
> > Would the type of filesystem encryption you guys are talking about
> > be unsuitable for a high-traffic server because of performance
> > considerations?
>
> Yes, and it isn't necessary. You lock your servers away so that nobody
> has physical access to them.
What if you sell them or give them back (leased machines)? Do you erase your
discs beforehand.
Bye...
Dirk
--
Dirk Heinrichs | Tel: +49 (0)162 234 3408
Configuration Manager | Fax: +49 (0)211 47068 111
Capgemini Deutschland | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68 | Web: http://www.capgemini.com
D-40468 Düsseldorf | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: [gentoo-user] Recovering root password
2008-03-26 8:07 ` [gentoo-user] " Dirk Heinrichs
@ 2008-03-26 10:04 ` Uwe Thiem
0 siblings, 0 replies; 39+ messages in thread
From: Uwe Thiem @ 2008-03-26 10:04 UTC (permalink / raw
To: gentoo-user
On Wednesday 26 March 2008, Dirk Heinrichs wrote:
> Am Dienstag, 25. März 2008 schrieb ext Uwe Thiem:
> > Yes, and it isn't necessary. You lock your servers away so that
> > nobody has physical access to them.
>
> What if you sell them or give them back (leased machines)? Do you
> erase your discs beforehand.
Depends on the content of the disks. If it is sensitive, I wipe them
(not just rm or mkfs). But then, this problem has never occurred to
me. I don't lease servers, nor do I sell them. Usually, my servers
aren't sellable by the time I can't use them any more. ;-)
Uwe
--
Informal Linux Group Namibia:
http://www.linux.org.na/
SysEx (Pty) Ltd.:
http://www.SysEx.com.na/
--
gentoo-user@lists.gentoo.org mailing list
^ permalink raw reply [flat|nested] 39+ messages in thread
end of thread, other threads:[~2008-03-26 10:05 UTC | newest]
Thread overview: 39+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-03-24 20:30 [gentoo-user] Recovering root password Grant
2008-03-24 20:34 ` Boris Fersing
2008-03-24 20:39 ` Dale
2008-03-24 20:49 ` Florian Philipp
2008-03-24 20:40 ` Ricardo Saffi Marques
2008-03-24 20:45 ` Steven Lembark
2008-03-24 20:49 ` Ricardo Saffi Marques
2008-03-25 7:12 ` Dirk Heinrichs
2008-03-24 21:57 ` Neil Bothwick
2008-03-24 23:52 ` Steven Lembark
2008-03-25 0:14 ` Grant
2008-03-24 20:42 ` Alan McKinnon
2008-03-25 5:41 ` Uwe Thiem
2008-03-25 8:03 ` Liviu Andronic
2008-03-25 8:09 ` Dirk Heinrichs
2008-03-25 8:25 ` Alan McKinnon
2008-03-25 8:32 ` Dirk Heinrichs
2008-03-25 15:28 ` Alan McKinnon
2008-03-25 16:32 ` Grant
2008-03-25 17:04 ` Uwe Thiem
2008-03-25 17:26 ` Grant
2008-03-25 21:28 ` [gentoo-user] " Michael Schmarck
2008-03-26 8:07 ` [gentoo-user] " Dirk Heinrichs
2008-03-26 10:04 ` Uwe Thiem
2008-03-25 17:14 ` Florian Philipp
2008-03-25 17:55 ` Steven Lembark
2008-03-25 19:12 ` Alan McKinnon
2008-03-25 9:12 ` Neil Bothwick
2008-03-25 12:08 ` Liviu Andronic
2008-03-25 14:44 ` Neil Bothwick
2008-03-25 17:53 ` Steven Lembark
2008-03-25 18:02 ` Dirk Heinrichs
2008-03-25 20:06 ` Wael Nasreddine
2008-03-26 7:59 ` Dirk Heinrichs
2008-03-25 19:23 ` Neil Bothwick
2008-03-25 8:30 ` Wael Nasreddine
2008-03-25 17:23 ` Mick
2008-03-25 20:02 ` Wael Nasreddine
2008-03-25 17:51 ` Steven Lembark
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox