Re: [vserver] Encrypted Vservers

From: Madog <madogdevelopment_at_gmail.com>
Date: Wed 25 Mar 2015 - 17:45:32 GMT
Message-ID: <5512F43C.1070205@gmail.com>

I use Encfs so that the data are hidden from the host but viewable
inside of the guest (I also encrypt the host's drives, but that part
doesn't sound like what you need). My understanding is that Encfs
doesn't encrypt everything (like the length of file names), but it has
an advantage that I can back up the "data" and Encfs files so that
should the server go down I restore data in another host/guest but still
not have the guest's user worried that I have viewable access to their
data. Hope that helps....Madog.

On 03/25/2015 01:25 PM, Laurens Vets wrote:
> I'll clarify my position a bit :)
>
> The machines are all remote (they do not all have serial connections)
> and I want to make sure that if a server is removed or stolen no data
> can be obtained from the guests. I also make the assumption here that
> in order to remove the server, power will be cut. I don't really care
> about the host itself.
>
> Laurens
>
> On 2015-03-25 08:00, Christian Thaeter wrote:
>> First and foremost you should define against what threats you want to
>> secure the vservers and then think which option would be the best.
>>
>> For example when you 'only' need a secure data storage you may look into
>> ecryptfs or tahoe-lafs.
>>
>> Don't forget that you need to encrypt swap storage if there is any,
>> else secret data might end up unencrypted in the swap storage.
>>
>> Also when you encrypt vservers independently you lose the ability to
>> unify/hashify the files to save storage (and memory).
>>
>> You also need some way to feed keys to unlock the vservers, which will
>> be always the weak link in such a setup.
>>
>> Bottom line: If in doubt, just encrypt the whole box, that has more
>> advantages, less maintenance, fewer problems and is a proven way. I use
>> that with dmcrypt'ed partitions and it has worked well for years. If you
>> have enough RAM then the performance impact is negligible as frequently
>> accessed stuff gets cached.
>>
>> Christian
>>
>>
>> On 2015-03-25 08:20, Ben Green wrote:
>>
>>> I have friends who run each guest on its own LVM partition,
>>> encrypted. The partition has to be mounted by the host of course, and
>>> is therefore accessible to that host. This strategy is to prevent
>>> any physical theft of servers resulting in compromised data.
>>>
>>> I guess it depends on your aims with the encryption.
>>>
>>> Cheers,
>>> Ben
>>>
>>> Quoting Oliver Welter <mail@oliwel.de>:
>>>
>>>> Hi,
>>>>
>>>> the question is what do you expect to be "encrypted"? You can put
>>>> the filesystem of the guest onto an encrypted device but AFAIK you
>>>> cannot prevent the root host from entering/accessing the context of the
>>>> running guest. There is a "Guest Privacy" Flag in the vserver
>>>> config, but I am not aware of what exactly it prevents.
>>>>
>>>> My fastest approach would be to construct a kind of "locked down"
>>>> host without root access to prevent administrative staff from
>>>> accessing the guest.
>>>>
>>>> Oliver
>>>>
>>>> On 25.03.2015 at 01:39, Laurens Vets wrote:
>>>>> Hello list,
>>>>>
>>>>> I'm currently looking for a good way to encrypt Vservers.
>>>>>
>>>>> Basically what I want is that when I start a vserver, it asks for a
>>>>> passphrase before booting further. I do not want to encrypt the
>>>>> host itself, only the guests.
>>>>>
>>>>> What would be the best way of doing this and does anyone have any
>>>>> experience in this?
>>>>>
>>>>> Thanks!
Received on Wed Mar 25 17:45:39 2015
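
The setup discussed in this thread (one encrypted LVM volume per guest, unlocked with a passphrase before the guest starts) as a shell wrapper. This is an added example, not code from any poster or from the vserver project; the volume group `vg0`, the `crypt-<guest>` mapping name, the `/vservers/<guest>` mount point and the `DRY_RUN` switch are assumptions.

```sh
#!/bin/sh
# Added example. Assumptions: volume group "vg0", one LUKS-formatted LV per
# guest named after the guest, guest root mounted at /vservers/<name>.
VG=${VG:-vg0}
VROOT=${VROOT:-/vservers}
DRY_RUN=${DRY_RUN:-0}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only simple names so a guest name cannot become an option or a path.
valid_guest() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

guest_start() {
    g=$1
    valid_guest "$g" || { echo "invalid guest name" >&2; return 2; }
    # Refuse anything without a LUKS header instead of mounting plaintext.
    run cryptsetup isLuks "/dev/$VG/$g" || { echo "no LUKS header" >&2; return 3; }
    # cryptsetup prompts on the terminal; the key then lives only in RAM,
    # so a power cut leaves just ciphertext on the disk.
    run cryptsetup luksOpen "/dev/$VG/$g" "crypt-$g" || return 4
    if ! run mount "/dev/mapper/crypt-$g" "$VROOT/$g"; then
        run cryptsetup luksClose "crypt-$g"   # do not leave the mapping open
        return 5
    fi
    run vserver "$g" start
}

guest_stop() {
    g=$1
    valid_guest "$g" || { echo "invalid guest name" >&2; return 2; }
    run vserver "$g" stop
    run umount "$VROOT/$g" && run cryptsetup luksClose "crypt-$g"
}

# Usage: script start|stop <guest>
case "${1:-}" in
    start) guest_start "${2:-}" ;;
    stop)  guest_stop "${2:-}" ;;
esac
```

While a guest is mounted the host can still read its files, and swap has to be encrypted separately, as the replies above point out.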

Generated on Wed 25 Mar 2015 - 17:45:39 GMT by hypermail 2.1.8