Encryption, paranoia and virtual machines

Alex Volkov avolkov-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Nov 25 16:42:16 UTC 2011


Sorry I wasn't specific enough; this was a reply to two posts at once.

If you host the machine then there is definitely value in installing
them using encryption, and I'd do the same thing as Digimier said,
create logical volumes on physical host for guest machines, which are
seen as whole disk and then install lvm on guest machine and encrypt
only volumes containing private data, no point encrypting root fs.

Then you can control the machine with virt-manager over ssh, and that
is where you enter volume password during boot.



On Fri, Nov 25, 2011 at 11:29 AM, Neil Watson
<tlug-neil-8agRmHhQ+n2CxnSzwYWP7Q at public.gmane.org> wrote:
> On Fri, Nov 25, 2011 at 11:11:07AM -0500, Alex Volkov wrote:
>>
>> Encrypting logical volumes on shared host is snake oil.
>
> In my scenario the host is not shared.  The hosting company has physical
> access to the host but no login. In such a case I think there is still
> value to encryption.  It is just a question of how to apply it.
>
>
> --
> Neil Watson
> Linux/UNIX Consultant
> http://watson-wilson.ca
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
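
A way to check, from inside a guest, that the layout described in this thread is what is actually mounted. This is an added example, not part of the original messages; the device names, the volume group vg0 and the sample lsblk output are constructed.

```shell
#!/bin/sh
# Report which mounted filesystems sit on a dm-crypt (LUKS) layer.
# Input: output of `lsblk -P -o NAME,PKNAME,TYPE,MOUNTPOINT` run in the guest.

# Constructed sample: vda is the host logical volume seen as a whole disk,
# vg0 is the LVM inside the guest, and only the home volume carries LUKS.
sample_lsblk() {
cat <<'EOF'
NAME="vda" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="vda1" PKNAME="vda" TYPE="part" MOUNTPOINT="/boot"
NAME="vda2" PKNAME="vda" TYPE="part" MOUNTPOINT=""
NAME="vg0-root" PKNAME="vda2" TYPE="lvm" MOUNTPOINT="/"
NAME="vg0-swap" PKNAME="vda2" TYPE="lvm" MOUNTPOINT="[SWAP]"
NAME="vg0-home" PKNAME="vda2" TYPE="lvm" MOUNTPOINT=""
NAME="home_crypt" PKNAME="vg0-home" TYPE="crypt" MOUNTPOINT="/home"
EOF
}

# Print "<mountpoint> encrypted|plain" for every mounted device. The parent
# chain is walked so LVM on top of LUKS counts as well as LUKS on top of LVM.
audit_mounts() {
    awk '
    function field(key,   m) {
        # Value of key="..." in the current record; anchored so that
        # NAME does not match inside PKNAME.
        if (match($0, "(^| )" key "=\"[^\"]*\"")) {
            m = substr($0, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", m); sub(/"$/, "", m)
            return m
        }
        return ""
    }
    {
        n = field("NAME"); parent[n] = field("PKNAME")
        type[n] = field("TYPE"); mnt[n] = field("MOUNTPOINT")
        order[++count] = n
    }
    END {
        for (i = 1; i <= count; i++) {
            n = order[i]
            if (mnt[n] == "") continue
            state = "plain"; d = n; hops = 0
            while (d != "" && hops++ < 16) {   # hop limit guards bad input
                if (type[d] == "crypt") { state = "encrypted"; break }
                d = parent[d]
            }
            print mnt[n], state
        }
    }'
}

sample_lsblk | audit_mounts
```

On a real guest, pipe `lsblk -P -o NAME,PKNAME,TYPE,MOUNTPOINT` into `audit_mounts`; swap reported as plain is worth a second look, since memory pages from the private volumes can end up there.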