System administration
littleguga, 2017-03-22 16:16:23

How to encrypt the server so that the hoster does not get access to the data on the disk?

A question about a Unix server.
I have purchased a dedicated server, and I want to make sure that the hoster cannot get the data on the disk even by plugging into the physical port (directly to the hard drive).
P.S. I have nothing to do with 18+ things, just too much paranoia, and there are no longer enough foil caps :)


4 answer(s)
Ruslan Fedoseev, 2017-03-22
@martin74ua

LUKS

nirvimel, 2017-03-22
@nirvimel

Remote booting of a machine with Full Disk Encryption is implemented using dropbear. But this only solves the problem with disks. As they write correctly, for example, here (in the answers): there are different attack vectors on a server to which there is physical access. There doesn't seem to be a one-size-fits-all way to protect against everything (aside from keeping the servers at home).
In addition, if you buy this service remotely and do not have direct access to the server yourself, then it is possible that, under the guise of a dedicated server, they will sell you a virtual machine running on real dedicated hardware, into which a physical disk, network card, and other devices are directly forwarded. In terms of performance, such a system cannot be distinguished from one that runs directly on the hardware. All devices work the same way as physical ones (because they are physical). The only difference here is that the host-OS admin can dump the memory of the virtual machine with all the keys (to decrypt the contents of the disk) in clear text.
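
The dropbear-based remote unlock mentioned in the answer above, as an added example that is not part of the original answer: a shell helper that installs an SSH public key restricted to the unlock command and counts keys that lack that restriction. It assumes Debian/Ubuntu with the dropbear-initramfs and cryptsetup-initramfs packages; the function names, the `CONF_DIR` variable and the `install` invocation are hypothetical.

```shell
#!/bin/sh
# Added example (assumptions: Debian/Ubuntu, dropbear-initramfs and
# cryptsetup-initramfs installed, root filesystem on LUKS).
# Config directory: /etc/dropbear/initramfs on recent releases,
# /etc/dropbear-initramfs on older ones. Override with CONF_DIR.
# Networking inside the initramfs has to be configured separately.

# Print an authorized_keys entry that may only run the unlock helper,
# so the key does not give a general shell inside the initramfs.
restricted_key_line() {
    # $1 = one public key line, e.g. the content of id_ed25519.pub
    printf 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="/bin/cryptroot-unlock" %s\n' "$1"
}

# Append the restricted entry to <conf_dir>/authorized_keys (idempotent).
install_unlock_key() {
    conf_dir=$1
    pubkey=$2
    file="$conf_dir/authorized_keys"
    line=$(restricted_key_line "$pubkey")
    mkdir -p "$conf_dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Count key entries without a command= restriction (comments and blank
# lines are skipped). Anything above 0 deserves a review.
count_unrestricted_keys() {
    awk '!/^[ \t]*(#|$)/ && !/command="/ { n++ } END { print n + 0 }' "$1"
}

# Usage on the server, as root:  sh unlock-key.sh install /root/unlock_key.pub
if [ "${1:-}" = "install" ]; then
    dir=${CONF_DIR:-/etc/dropbear/initramfs}
    install_unlock_key "$dir" "$(cat "$2")" || exit 1
    echo "unrestricted keys: $(count_unrestricted_keys "$dir/authorized_keys")"
    update-initramfs -u   # rebuild so the key is embedded in the initramfs
fi
```

After the rebuild and a reboot, connecting over SSH with that key prompts for the LUKS passphrase. In this setup the initramfs that carries dropbear sits on an unencrypted boot partition, so it protects only the disk contents at rest.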

Puma Thailand, 2017-03-22
@opium

In Linux, by default, LUKS.

Sergey, 2017-03-22
@edinorog

Read about Direct Connect Interface and calmly forget about encryption, like a nightmare.
