Jump to content

Encryption

Mornincupofhate
By Mornincupofhate
in Servers, NAS, and Home Lab
 Share
Posted
20 minutes ago, Mornincupofhate said:

Most likely a Linux distribution. CentOS.

Do want the who thing encrypted or just your storage.

 

If you want the whole thing encrypted, you need to configure encryption during install and inter a password when rebooting it or turning it on.

 

If you just want storage, you can use encfs or dm-crypt and ssh in to decrypt.

 

You ca

Link to comment
https://linustechtips.com/topic/659466-encryption/#findComment-8529165
Share on other sites
Link to post
Share on other sites
Posted
  • Author
47 minutes ago, Electronics Wizardy said:

Do want the who thing encrypted or just your storage.

 

If you want the whole thing encrypted, you need to configure encryption during install and inter a password when rebooting it or turning it on.

 

If you just want storage, you can use encfs or dm-crypt and ssh in to decrypt.

 

You ca

Basically let's just use a game server for an example.

I want the game server to be running on the server, but let's say someone else logs on to the server physically (or through RDP), would I be able to force them to enter a password before being able to see the files?

 

---------------------------

Edit:
If I'm correct, I believe the iPhone does something like this. It's encrypted and forces a password, but still runs internally and can recieve texts and update itself and what not.

Link to comment
https://linustechtips.com/topic/659466-encryption/#findComment-8529550
Share on other sites
Link to post
Share on other sites
Posted
3 minutes ago, Mornincupofhate said:

Basically let's just use a game server for an example.

I want the game server to be running on the server, but let's say someone else logs on to the server physically (or through RDP), would I be able to force them to enter a password before being able to see the files?

 

---------------------------

Edit:
If I'm correct, I believe the iPhone does something like this. It's encrypted and forces a password, but still runs internally and can recieve texts and update itself and what not.

Encryption only helps with physical acces, not with remote. It doesn't affect the login security. 

 

Encryption will require a password before the full kernel can load. At that time there is normally no network access or drivers loaded.

 

You can require passwords without encrypting the server. By default there are password on remote desktop and ssh and local login.

 

The iphone isn't a great example as its much more locked down and you can't just pull out the drive. You could make it so that the system boots and runs without decrypting files, but every files used you be able to read by anyone who had physical access very easily.

Link to comment
https://linustechtips.com/topic/659466-encryption/#findComment-8529631
Share on other sites
Link to post
Share on other sites
Posted
10 hours ago, Electronics Wizardy said:

Encryption only helps with physical acces, not with remote. It doesn't affect the login security. 

 

Encryption will require a password before the full kernel can load. At that time there is normally no network access or drivers loaded.

 

You can require passwords without encrypting the server. By default there are password on remote desktop and ssh and local login.

 

The iphone isn't a great example as its much more locked down and you can't just pull out the drive. You could make it so that the system boots and runs without decrypting files, but every files used you be able to read by anyone who had physical access very easily.

Like he said.

 

Theoretically, you shouldn't even need to encrypt, as user permissions exist for a reason. Nobody should EVER share the same linux account for these reasons.

My native language is C++

Link to comment
https://linustechtips.com/topic/659466-encryption/#findComment-8532900
Share on other sites
Link to post
Share on other sites
Posted

I can see what you want to do, say run a minecraft server under xyz login and since the console starts under the xyz login you have to give other "game admins" those credentials so they can see the console. Now they're authenticated and you don't want them seeing your data.

 

What you do in that scenario is create a limited account on the server and put the game-server files (assuming they just run standalone and don't require an install) on the desktop / home directory of this new user account. Now run the server and hand out those credentials. Whenever you need to log in for personal stuff, log in via your personal credentials. (in windows it's just "switch user")

 

If you're paranoid said people are smart and could somehow get around the whole permissions thing, then you can just encrypt specific directories or your home directory (of your personal account) and stick personal files there. Log out when you're done.

 

or*** run the game server inside a docker which should have almost no performance impact. It's not impossible to break out of a docker but it's also not easy especially if you use a non-root account to run the game-server with.

Link to comment
https://linustechtips.com/topic/659466-encryption/#findComment-8534154
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Servers, NAS, and Home Lab

×