Disclaimer: I'm a newbie with server administration.
Should I encrypt the home directory for an Ubuntu server?
Encrypting the home directory means also encrypting the .ssh folder and therefore being unable to access it via ssh if I don't log in through the server console first. Furthermore, it means being unable to fix any problem remotely if the server gets somehow restarted.
Is encrypting the home dir for a high availability server a good practice? If it is, how should I cope with the problem I mentioned?
The first question you should ask is "What data would I like to encrypt in my home directory on the server?". If the answer is "I don't know", then don't do that.
If you really want to do that, you can change the location of the authorized_keys files to some other safe location in /etc/ssh/sshd_config, for example as described in my other answer on AskUbuntu:
AuthorizedKeysFile /etc/ssh/%u/authorized_keys
This should give you the chance to log in to the server, but you still need to enter a password to decrypt the encrypted home afterward.
Physical access is also good to consider. If you have a cloud server or a machine hosted someplace else, an encrypted directory is useless. Anyone with physical access to that machine can read your encryption key from the memory of your server.
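The relocation described in the answer above, as an added example that is not part of the original answer: it copies a key file into the /etc/ssh/%u/ layout and checks the mode bits that sshd's StrictModes rejects. The function names, the PREFIX argument and the root-ownership choice are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stage authorized_keys outside an encrypted home so sshd can
# read it before the home is unlocked. PREFIX is a hypothetical parameter for
# rehearsing against a scratch directory instead of the real /etc.

# stage_keys USER SRC [PREFIX] -> prints the path of the installed file
stage_keys() {
    user=$1; src=$2; prefix=${3:-}
    dir="$prefix/etc/ssh/$user"      # expands AuthorizedKeysFile /etc/ssh/%u/...
    [ -s "$src" ] || { echo "no keys in $src" >&2; return 1; }
    mkdir -p "$dir" && chmod 755 "$dir" || return 1
    cp "$src" "$dir/authorized_keys" || return 1
    chmod 644 "$dir/authorized_keys" || return 1
    # Assumption: root-owned keys, so the account cannot add keys to itself.
    # sshd accepts files owned by root or by the user. Needs root to apply.
    if [ "$(id -u)" -eq 0 ]; then chown -R root:root "$dir" || return 1; fi
    echo "$dir/authorized_keys"
}

# path_is_strict FILE -> status 0 if neither the file nor its directory is
# group- or world-writable. sshd checks every parent; this checks these two.
path_is_strict() {
    for _p in "$1" "$(dirname "$1")"; do
        [ -e "$_p" ] || return 1
        [ -z "$(find "$_p" -prune \( -perm -020 -o -perm -002 \))" ] || return 1
    done
}

# Rehearsal on constructed input in a scratch directory (not a real key).
demo() {
    scratch=$(mktemp -d) || return 1
    echo "ssh-ed25519 AAAAconstructedExampleKeyOnly demo@example" \
        > "$scratch/authorized_keys"
    out=$(stage_keys alice "$scratch/authorized_keys" "$scratch") || return 1
    path_is_strict "$out" && echo "staged: $out"
    rm -rf "$scratch"
}
demo
```

After adding the AuthorizedKeysFile line, validate the configuration with `sshd -t` and keep an existing session open while reloading the daemon, so a mistake does not lock you out.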