Hello,
I use ZFS encryption because I want to protect my data if the server has been stolen.
I just recognized you can boot the hardware with monitor and keyboard and are able to set a new root password without the need to type the old one in first?!
How to deal with this? I don’t want to enter a password on boot, but if someone tries to make changes he should be forced to enter a password.
If there is no ways to do that, maybe someone can give me the right keywords how to use a key file to boot (if possible). The workaround plan is to connect a USB-device with the keyfile with the building, thus robbers would only take the server but not the keys to unlock it.
Thanks
PS: Future plan is to migrate to Scale because of KVM, I am just waiting for the right moment.
I use ZFS encryption because I want to protect my data if the server has been stolen.
I just recognized you can boot the hardware with monitor and keyboard and are able to set a new root password without the need to type the old one in first?!
How to deal with this? I don’t want to enter a password on boot, but if someone tries to make changes he should be forced to enter a password.
If there is no ways to do that, maybe someone can give me the right keywords how to use a key file to boot (if possible). The workaround plan is to connect a USB-device with the keyfile with the building, thus robbers would only take the server but not the keys to unlock it.
Thanks
PS: Future plan is to migrate to Scale because of KVM, I am just waiting for the right moment.