| lolek | alkisg: hi, last time you gave the link to a repo with scripts to have working vlan with dropbear during boot. I'm reading the readme and checking the scripts yet I'm not sure with one thing. After boot I should also properly configure the networking so the network scripts etc to have vlans and so on? | 07:41 |
|---|---|---|
| alkisg | Hi lolek , I haven't actually used dropbear but from a quick glance I did last time, it seems to me it brings down networking on exit; so yes you're supposed to properly configure networking using netplan, vlans etc later on | 07:43 |
| lolek | ok, that's awsome | 07:43 |
| lolek | but hmm you said you haven't used it so you're using something else? | 07:43 |
| alkisg | lolek: I'm very familiar with initramfs-tools because I'm developing ltsp.org, but no, I'm not using full disk encryption | 07:44 |
| lolek | oh ok | 07:45 |
| alkisg | Well actually I do need to unlock home automatically on some servers, but I'm using home-grown scripts to ask data from nearby servers and make sure the server is still onsite, and then I unlock it automatically, not manually | 07:45 |
| alkisg | *encrypted home | 07:45 |
| lolek | alkisg: the ltsp... nice... well καλημέρα then ;) | 07:46 |
| alkisg | Καλημέρα! :D | 07:46 |
| alkisg | I.e. each server provides an md5sum of its hardware (even asks some from remote locations), then they are xor'ed, then the result unlocks a gpg encoded secret, which unlocks home | 07:46 |
| alkisg | So attackers would need to steal all servers from multiple sites to get the unlocking to work | 07:47 |
| lolek | interesting approach | 07:50 |
| arraybolt3[m] | alkisg: md5? I mean it should be enough, but I'd want to use SHA256 to avoid spoofing. | 07:54 |
| alkisg | arraybolt3: the key is that they don't know the md5sum | 07:55 |
| alkisg | Spoofing works if they know it and they want to generate a source for it | 07:55 |
| arraybolt3[m] | Ah, makes sense. I must be tired :) | 07:55 |
| === rfm_ is now known as rfm | ||
| === Eickmeyer is now known as NotEickmeyer | ||
| === Eickmeyer0 is now known as Eickmeyer | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!