On Sat, Apr 17, 2010 at 10:49:29 +0200,
  Jozsi Vadkan <jozsi.avadkan@xxxxxxxxx> wrote:
> I want to put my server in a "server hotel".
>
> But: I don't trust my "server hotel owner".

These requirements seem to conflict.

> What can I do?
>
> I can crypt my partition/hdd's that contains the data. Ok.
> But: then my operating system will not be encrypted. Not Ok.

That depends on your threat model. You will at least get a chance to notice
the reboot used to try to get access to your data by capturing your password
as you enter it. I don't think you have good choices there if you are really
worried about this. This condition also applies at service start up and your
choice is to enter the password which might get snooped or not use the service.
(Note if you are worried about this, you typically also need to worry
about the keys being pulled from memory while the system is running, typically
using firewire for access, but other ways exist.)

> If I crypt my operating system too, then when a reboot comes,
> I have to type a password to decrypt. But my server will be at
> a "server hotel" I can't directly use a keyboard [no service cpu].

This is really the same case as above. The kernel executable is unencrypted
on the boot partition for Fedora.

> What can I do [on technical side] to ensure a little more security
> to my server [e.g: crypt my partition/slice/whatever, that has the
> operating system, but without the "type password" ""problem""]

You really can't. The technical answer is to pay more to host the server
in a secure facility. You might consider legal protection via your support
contract, depending on what you are protecting. (If you are working for
organized crime, legal protection isn't going to help, and you should advise
your boss to shell out some more money to host servers under physical control
of his trusted employees.)
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines