Comments
You can't do that with Xen, as each VM (DomU) runs in an isolated system. You can connect to the console of a VM with "xm console [vm]".
Is it possible to see my rootfs? Or even install things on my box?
See: yes, you can mount the FS on the host node. Install: yes, too, but it is a bit more complicated. You can, however, use KVM's or HVM install from ISO and encrypt your FS.
What about remote fs?
I can mount a remotefs in early initramfs Stage.
This should be safe aight?
They can do this only when your VM is off. When your VM is on and the disk is attached, it can only be accessed by your VM.
That's great! Thank you!
I tested that. It's possible to mount the disk of a VM while the VM is running (Xen 4.1, LVM, Debian wheezy).
Ah, OK. What if I mount a remotefs inside the running box?
You will not have access to it, right? Even as it's mounted as an overlay?
If you store the credentials somewhere on the disk, the ISP might be able to read out (btw, when I tested if it's possible to mount disks of running VMs, I broke the filesystem. So I don't recommend to do that).
The credentials aren't stored, of course; this would be more than stupid.
They will still be in RAM, and Xen can save the RAM of a running VM and look for keys there.
The only safe way to use remote storage in my experience is to use encrypted containers mounted on your PC at home. This way the keys are on your PC and the emulated block device is fully encrypted both in place and in communication; the decoding takes place only locally, on a device only you have access to. If you run the OS from a USB key and you only access the data when needed (don't leave the external storage mounted all the time), you should be relatively safe, provided no major bugs are discovered and you are using cascading algorithms and very long keys and sufficiently randomised salt.
What about mounting sshfs as an overlay?
If I am using keyauth?
The Xen box is briefly allowed to keyauth here locally on my router.
When I use keepalive for the SSH session, the connection should stay.
After the sshfs is mounted, the key will be removed from authorized_keys.
What do you think?
I think the keys still have to be in the memory. Or how should the machine encrypt data without SSH keys?
Initramfs keeps waiting for a "let's go" to mount after dropbear starts:
while [ ! -e /nastyscript.sh ]; do
    sleep 1
done
Now I log in with a key made just for that dropbear.
The box is still in initramfs. Now I can do nasty stuff by scp'd script.
Or do you mean operators have access to my RAM content all the time?
Yes
They have access to my RAM content all the time?
Is this the case after boot?
Is this on KVM also?
Thanks!
Yes, they have access to all RAM at all times. As I said, you need to mount only locally, on your home PC or a device you have exclusive control of while the target is mounted.
OK, interesting.
Does this also mean that all those "fullencrypted disks" are useless?
The key for encrypting them is stored in RAM also.
Even if it's remotely unlocked using SSH?
Yes. Because if you started your system and need to write a file to the disk, how should it be encrypted without any keys stored somewhere? That's not possible.
It depends. If you want to make it complicated for admins to read your files, that is not useless; it is a significant complication. If you want to make it impossible, then, yeah, it is.
Next scenario:
On the KVM/Xen box only /boot exists.
It boots an initramfs with a VPN running, awaiting connection.
Connection established with SSH (dropbear pw auth) -> deflate ipsec config.
When the ipsec connection is established, an nfsroot is mounted which is here on my local machine in an encrypted partition.
Still a vuln here for files?
Ramdump?
Another try.... Tell me, how the running system should encrypt data without a key.
It will still store the keys locally in RAM. It will also be unusably slow.
OK, thanks guys, I think I understand now!
No matter what you do, the encryption key is still in RAM.
RAM can be dumped and analysed.
No, there is the method I described, but it only works one way: mount a FS on your device from outside. Anything you mount on a system you do not have exclusive control of can be read.
It takes a lot of experience and time to strip keys from a memory dump. I personally wouldn't worry unless you have whole governments after your encrypted data.
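The one-way arrangement described in the thread (encrypt and decrypt only on a machine you control, so the rented host stores nothing but ciphertext), as an added example that is not any poster's code. It assumes AES-256-GCM from the Go standard library rather than any particular container tool; `UntrustedStore` and `HomeClient` are hypothetical names, and the demo key and sample record are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"strconv"
)

// Hypothetical names: UntrustedStore is the rented disk, HomeClient keeps the key at home.
type UntrustedStore map[uint64][]byte
type HomeClient struct{ aead cipher.AEAD }

func NewHomeClient(key []byte) (*HomeClient, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &HomeClient{aead}, nil
}

// Put encrypts locally; the block number is bound as associated data.
func (c *HomeClient) Put(s UntrustedStore, n uint64, plain []byte) error {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s[n] = c.aead.Seal(nonce, nonce, plain, strconv.AppendUint(nil, n, 10)) // nonce||ct||tag
	return nil
}

// Get decrypts locally; a tampered, swapped or truncated block returns an error.
func (c *HomeClient) Get(s UntrustedStore, n uint64) ([]byte, error) {
	if blob, ns := s[n], c.aead.NonceSize(); len(blob) >= ns {
		return c.aead.Open(nil, blob[:ns], blob[ns:], strconv.AppendUint(nil, n, 10))
	}
	return nil, fmt.Errorf("block %d missing or truncated", n)
}

func main() {
	c, _ := NewHomeClient(make([]byte, 32)) // constructed all-zero demo key
	s := UntrustedStore{}
	_ = c.Put(s, 0, []byte("constructed sample record"))
	fmt.Printf("host stores only: %x\n", s[0])
}
```

The key lives only in `HomeClient`, so a disk image or RAM snapshot taken on the host side contains ciphertext alone; as the thread notes, this holds only while decryption never happens on the VM itself.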