Re: Getting GELI Keys from Floppy
Nikos Vassiliadis wrote:
> Are you sure you want to trust a floppy disk for your keys??
> It's not the most safe medium these days...
I'll backup the keys on CD. It's just that I don't want to waste a
CD-ROM drive in this server.
> >
> > There is a problem here, because GELI initializes _before_ mounting
> > the disks from /etc/fstab (for obvious reasons, of course). So GELI is
> > not able to get the keys from the floppy and fails.
> >
> > So, any hints how I could get the floppy mounted _before_ GELI tries
> > to initialize?
>
> Why don't you use the plain device(/dev/fd0) instead of using a file on a
> filesystem on the floppy? I think there are examples in the manual page.
I could use /dev/fd0 directly but then I had to use the same key for
all 6 HDD's in the server. I got a solution by hacking /etc/rc.d/geli
- I'm just mounting the floppy there before it tries to read the key.
Thanks for all the people giving suggestions!
Frank
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 4 之 9 篇):