ssh clarification needed
Mail Lists
lists at sapience.com
Sun Jan 4 15:28:13 UTC 2009
On 01/04/2009 09:03 AM, Anne Wilson wrote:
> Hmm - Is there no reasonably safe way of doing this? There seems to be some
> risk with everything. I've not lost a usb stick yet, but one can never
> guarantee that one won't.
The general recomendation for any laptop (with anything sufficiently
private) is to encrypt the disk. My preference is to (luks) encrypt
/home and swap and then bind mount /tmp and /var/tmp out of /home/tmp
/home/var/tmp. You could encrypt root as well and then skip the bind
mounts.
Many (if not most) businesses these days require laptops all be
encrypted - certainly mine does. (See some posts by mike.cloaked on
encryption in F10)
Avoid any fuse type encryptions - nice toys to test things but they
are very slow. Using encryption (encfs is the default in Luks) does not
impact my daily activities at all speed wise, tho' backup/restores may
be a little slower. Witrh encrypted swap you likely cannot hibernate tho
suspend may be an option - I usually just shutdown and reboot.
In addition, as Tom mentioned, you likely use a passphrase to protect
your ssh private key (and like most of us probably use ssh-agent so you
dont need to keep typing it).
gene/
More information about the fedora-list
mailing list