hi
i know we can secure gui, ssh with 2fa but is it possible to 2fa console login?
also with many companies requiring encryption for data at rest how are you encrypting data?
easiest is to do it at the storage level but that requires manual interaction with with every reboot unless you secure console with 2fa (in case os disk and data disk). os protected with 2fa has key stored to unlock vm volume.
what are other creative ways of securing data at rest with no manual intervention?
- encryption within vm
- os drive with key to unlock vm data drive (2fa console login possible?)
- network / ssh unlock but that requires manual intervention
- i think there are ways to luks os drive to auto unlock it at boot and unlock data as well
- can sed drives be used for zfs mirror boot? (perhaps easiest option?)
just trying to see what options are out there.
i know we can secure gui, ssh with 2fa but is it possible to 2fa console login?
also with many companies requiring encryption for data at rest how are you encrypting data?
easiest is to do it at the storage level but that requires manual interaction with with every reboot unless you secure console with 2fa (in case os disk and data disk). os protected with 2fa has key stored to unlock vm volume.
what are other creative ways of securing data at rest with no manual intervention?
- encryption within vm
- os drive with key to unlock vm data drive (2fa console login possible?)
- network / ssh unlock but that requires manual intervention
- i think there are ways to luks os drive to auto unlock it at boot and unlock data as well
- can sed drives be used for zfs mirror boot? (perhaps easiest option?)
just trying to see what options are out there.
Last edited: