Disclaimer: I'm a newbie with server administration.

Should I encrypt the home directory for an Ubuntu server?

Encrypting the home directory means also encrypting the .ssh folder and therefore being unable to access it via ssh if I don't log in through the server console first. Furthermore, it means being unable to fix any problem remotely if the server gets somehow restarted.

Is encrypting the home dir for a high availability server a good practice? If it is, how should I cope with the problem I mentioned?

1 Answer

The first question you should ask is "What data would I like to encrypt in my home directory on the server?". If the answer is "I don't know", then don't do that.

If you really want to do that, you can change the location of the authorized_keys files to some other safe location in /etc/ssh/sshd_config, for example as described in my other answer on AskUbuntu:

AuthorizedKeysFile /etc/ssh/%u/authorized_keys

This should give you the chance to log in to the server, but you still need to enter the password to decrypt the encrypted home afterward.

Also good to consider is physical access. If you have some cloud server or a machine hosted someplace else, an encrypted directory is useless. Anyone with physical access to that machine can read your encryption key from the memory of your server.

  • Good points, I should have added: we have some SSL certificates stored in there, that might be a good reason to encrypt it I suppose. And we also have physical access to the machine (it's our internal cluster). Commented Oct 17, 2016 at 8:58
  • In this case, it would make sense to do that with this modification of your path to authorized_keys file.
    – Jakuje
    Commented Oct 17, 2016 at 8:59
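
Added example (not part of the original answer or its comments): a small shell audit for the relocated AuthorizedKeysFile path from the answer above. It applies the ownership and mode rules sshd enforces under StrictModes (owner is root or the user, and no group/other write bit on the file or any parent directory). The function names and the optional stop directory are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# expand_keys_pattern PATTERN USER HOME
# Expands the %u and %h tokens of an AuthorizedKeysFile pattern.
# Assumes USER and HOME contain no '|' or '&' (sed metacharacters here).
expand_keys_pattern() {
    printf '%s\n' "$1" | sed -e "s|%u|$2|g" -e "s|%h|$3|g"
}

# check_keys_path FILE UID [STOP_DIR]
# Walks from FILE up to STOP_DIR (default /). Returns 1 if any component is
# owned by someone other than root or UID, or is group/world-writable;
# returns 2 if FILE is missing or cannot be inspected; returns 0 otherwise.
check_keys_path() {
    local p uid stop st owner mode
    p=$(readlink -f -- "$1") || return 2
    uid=$2
    stop=$(readlink -f -- "${3:-/}") || return 2
    [ -f "$p" ] || { echo "not a regular file: $p" >&2; return 2; }
    while :; do
        st=$(stat -c '%u %a' -- "$p") || return 2
        owner=${st% *}
        mode=${st#* }
        if [ "$owner" -ne 0 ] && [ "$owner" -ne "$uid" ]; then
            echo "bad owner (uid $owner): $p" >&2; return 1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable (mode $mode): $p" >&2; return 1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
        p=$(dirname -- "$p")
    done
    return 0
}

# Run as: sh audit.sh USER  (audits /etc/ssh/USER/authorized_keys, the
# location used in the answer above)
if [ "$#" -eq 1 ]; then
    f=$(expand_keys_pattern '/etc/ssh/%u/authorized_keys' "$1" "")
    check_keys_path "$f" "$(id -u "$1")" && echo "ok: $f"
fi
```

A non-zero result for a user's file means sshd with StrictModes enabled would refuse key authentication from that path, which on an encrypted-home server leaves only the console.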
