Re: [Hampshire] When I'm gone? - Solved?

Author: Simon Capstick
Date:  
To: Hampshire LUG Discussion List
Old-Topics: Re: [Hampshire] When I'm gone?
Subject: Re: [Hampshire] When I'm gone? - Solved?
alan c wrote:
> Paul Tansom wrote:
>> OK, somewhat prompted by my current state of mind and recent events, but
>> a valid question nonetheless.
>>
>> For those that have non-technical other halves, relatives or etc. who
>> don't know other techies, what, if anything, have you in place for the
>> contingency of not being there to support your systems? I'm not thinking
>> so much a desktop system, but if you have a server handling mail,
>> printing, file sharing, etc. that would likely be overkill or not
>> wanted without yourself to support it, do you have details of what to do
>> with it and/or an envelope with passwords put to one side?
>>

...

The answer may be simpler than you think. Just encrypt all the data
with something like cryptsetup/LUKS, and unlock it every time you boot
with a keyboard interactive passphrase. If you're not there (or worse)
then the data's garbage.

To get all 'techie' try setting up your favourite Linux distro on a low
power/embedded PC such as a PC Engines/Alix board with a compact flash
card (like I have). Have it automatically unlock the encrypted
partitions remotely via SSH/sudo without any user intervention. If
someone steals the server then the data auto-magically becomes garbage.

Place this 'key server' in a safe place away from the encrypted disk
server where no one but you and trusted others know about it. Since the
Alix boards can run off a sort of Power over Ethernet you can even hide
the 'key server' in the loft or bury it in a water resistant safe under
your foundations with just the cat5 cable coming out the floor and into
your server. That way the server only works in your house/office/VPN ;-)


Simon C
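
The remote-unlock arrangement described in the message above, sketched from the key server's side as an added example; it is not Simon's script and not part of the original post. The host name, account, device, mapping name, key path and the `KEYSERVER_RUN`/`POLL_SECONDS` variables are all assumptions, as is a sudoers rule on the disk server that limits the account to these two `cryptsetup` invocations.

```shell
#!/bin/sh
# Runs on the key server. Every name below is a constructed placeholder.
DISK_HOST="${DISK_HOST:-diskserver.example.lan}"  # encrypted disk server
UNLOCK_USER="${UNLOCK_USER:-unlock}"              # unprivileged SSH account there
LUKS_DEV="${LUKS_DEV:-/dev/sdb1}"                 # LUKS partition on the disk server
MAP_NAME="${MAP_NAME:-data}"                      # resulting /dev/mapper name
KEY_FILE="${KEY_FILE:-/root/keys/data.key}"       # key material, stored only here

# Run a command on the disk server. BatchMode forbids prompts; strict host key
# checking makes the key server refuse a machine that merely claims the address.
remote() {
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10 \
        "$UNLOCK_USER@$DISK_HOST" "$@"
}

# Succeeds if the mapping is already active. stdin is detached so ssh cannot
# swallow input meant for anything else.
is_unlocked() {
    remote sudo -n cryptsetup status "$MAP_NAME" </dev/null >/dev/null 2>&1
}

# Unlock if needed. The key travels over the SSH channel on stdin and is read
# by cryptsetup via --key-file=-, so it is never written to the disk server.
unlock_once() {
    [ -r "$KEY_FILE" ] || { echo "cannot read $KEY_FILE" >&2; return 2; }
    is_unlocked && return 0
    remote sudo -n cryptsetup open --type luks --key-file=- \
        "$LUKS_DEV" "$MAP_NAME" <"$KEY_FILE"
}

# With KEYSERVER_RUN=1, poll forever so a rebooted disk server is unlocked
# without anyone present; unplugging the key server stops all future unlocks.
if [ "${KEYSERVER_RUN:-0}" = 1 ]; then
    while :; do
        unlock_once || echo "unlock failed, retrying" >&2
        sleep "${POLL_SECONDS:-60}"
    done
fi
```

The pinned host key in the key server's `known_hosts` protects the key from being handed to an impostor on the same address, but a stolen server that is powered up on the original network would still be unlocked, which is why the message places the key server out of sight.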