03-23-2014
How to go about partition encryption on remote server?
Hi,
im having an linux webserver located in another country and i have just SSH access.
My aim is to protect (by encryption) /home partition on which are located website files and mysql database data.
So i found "
LUKS" SW which can encrypt partition, but the thing i dont understand is how not to cause failures when apps like apache, mysql cals files from /home while its still encrypted after server boot, and how im able to enter decryption password duriong boot over SSH? What is the process, any tutorial, or you have better idea on webserver disk encryption? thx
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hello when I examined the partition information of one of our servers I saw the following:
10.20.5.2:/ha0/critical
Fstab has a similar entry. Seems that the server is accessing a partition on a remote machine.
What else is required to setup a partition that accesses a remote machine... (2 Replies)
Discussion started by: mojoman
2 Replies
2. Shell Programming and Scripting
Hi,
I need to copy few files from remote server to local server.
I write a shell script to connect to the remote server using ftp and go to that path. Now i need to copy those files in the remote directory to my local server with the timestamp of all those files shouldnt be changed.
... (5 Replies)
Discussion started by: arunkumarmc
5 Replies
3. Red Hat
Hi Gurus,
I have been working on encrypting a partition in a Fedora box and have successfully encrypted a partition(By name /test) using "cryptsetup & luks".
The below command was put up in a runcontrol file which is called during bootup to automount them during bootup.
cat... (0 Replies)
Discussion started by: Hari_Ganesh
0 Replies
4. Programming
Hi,
I have 1. lappy
2. server A
3. server B
Now, what i need is to run a command from lappy that will sftp a file from server A to server B.
Please guide me to achieve this.
-akash (1 Reply)
Discussion started by: akash.mahakode
1 Replies
5. Solaris
Hi,
I am trying to automate the process of fetching files from remote server to local server through sftp. I have the username and password for the remote solaris server. But I need to give password manually everytime i run the script.
Can anyone help me in automating the script such that it... (3 Replies)
Discussion started by: ssk250
3 Replies
6. Cybersecurity
Hi all,
I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS.
For example: when A wants to send file to B
A will encrypt the file with B's computer MAC/IP address as an encryption key
This file can only be decrypted... (2 Replies)
Discussion started by: sergionicosta
2 Replies
7. Shell Programming and Scripting
Hi guys,
So i am in server1 and i have to login to server 2, 3,4 and run some script there(logging script) and output its result. What i am doing is running the script in server2 and outputting it to a file in server 2 and then Scp'ing the file to server1. Similarly i am doing this for other... (5 Replies)
Discussion started by: srkmish
5 Replies
8. Shell Programming and Scripting
Hello Every one!!
I am trying to write a shell script which will connect to a remote server and execute scripts which are at a certain path in the remote server.
Before this I am using a sudo command to change the user.
The place where I am stuck is, I am able to connect to the... (6 Replies)
Discussion started by: masubram
6 Replies
9. Shell Programming and Scripting
I have a script, which connecting to remote server and first checks, if the files are there by timestamp. If not I want the script exit without error. Below is a code
TARFILE=${NAME}.tar
TARGZFILE=${NAME}.tar.gz
ssh ${DESTSERVNAME} 'cd /export/home/iciprod/download/let/monthly;... (3 Replies)
Discussion started by: digioleg54
3 Replies
LEARN ABOUT DEBIAN
systemd-cryptsetup-generator
SYSTEMD-CRYPTSETUP-GENERATOR(8) systemd-cryptsetup-generator SYSTEMD-CRYPTSETUP-GENERATOR(8)
NAME
systemd-cryptsetup-generator - Unit generator for /etc/crypttab
SYNOPSIS
/lib/systemd/system-generators/systemd-cryptsetup-generator
DESCRIPTION
systemd-cryptsetup-generator is a generator that translates /etc/crypttab into native systemd units early at boot and when configuration of
the system manager is reloaded. This will create systemd-cryptsetup@.service(8) units as necessary.
systemd-cryptsetup-generator implements systemd.generator(7).
KERNEL COMMAND LINE
systemd-cryptsetup-generator understands the following kernel command line parameters:
luks=, rd.luks=
Takes a boolean argument. Defaults to "yes". If "no", disables the generator entirely. rd.luks= is honored only by initial RAM disk
(initrd) while luks= is honored by both the main system and the initrd.
luks.crypttab=, rd.luks.crypttab=
Takes a boolean argument. Defaults to "yes". If "no", causes the generator to ignore any devices configured in /etc/crypttab
(luks.uuid= will still work however). rd.luks.crypttab= is honored only by initial RAM disk (initrd) while luks.crypttab= is honored
by both the main system and the initrd.
luks.uuid=, rd.luks.uuid=
Takes a LUKS superblock UUID as argument. This will activate the specified device as part of the boot process as if it was listed in
/etc/crypttab. This option may be specified more than once in order to set up multiple devices. rd.luks.uuid= is honored only by
initial RAM disk (initrd) while luks.uuid= is honored by both the main system and the initrd.
If /etc/crypttab contains entries with the same UUID, then the name, keyfile and options specified there will be used. Otherwise, the
device will have the name "luks-UUID".
If /etc/crypttab exists, only those UUIDs specified on the kernel command line will be activated in the initrd or the real root.
luks.name=, rd.luks.name=
Takes a LUKS super block UUID followed by an "=" and a name. This implies rd.luks.uuid= or luks.uuid= and will additionally make the
LUKS device given by the UUID appear under the provided name.
rd.luks.name= is honored only by initial RAM disk (initrd) while luks.name= is honored by both the main system and the initrd.
luks.options=, rd.luks.options=
Takes a LUKS super block UUID followed by an "=" and a string of options separated by commas as argument. This will override the
options for the given UUID.
If only a list of options, without an UUID, is specified, they apply to any UUIDs not specified elsewhere, and without an entry in
/etc/crypttab.
rd.luks.options= is honored only by initial RAM disk (initrd) while luks.options= is honored by both the main system and the initrd.
luks.key=, rd.luks.key=
Takes a password file name as argument or a LUKS super block UUID followed by a "=" and a password file name.
For those entries specified with rd.luks.uuid= or luks.uuid=, the password file will be set to the one specified by rd.luks.key= or
luks.key= of the corresponding UUID, or the password file that was specified without a UUID.
rd.luks.key= is honored only by initial RAM disk (initrd) while luks.key= is honored by both the main system and the initrd.
SEE ALSO
systemd(1), crypttab(5), systemd-cryptsetup@.service(8), cryptsetup(8), systemd-fstab-generator(8)
systemd 237 SYSTEMD-CRYPTSETUP-GENERATOR(8)