Securing tinc config files

Guus Sliepen guus at tinc-vpn.org
Sun Jan 24 11:44:11 CET 2016


On Sun, Jan 24, 2016 at 12:48:13PM +0300, Yazeed Fataar wrote:

> Thanks Guus.. So if someone had to gain access to my vm-disk. They
> would not be able to view the contents of the files in "etc/tinc" if
> I do "sudo chmod go= /etc/tinc" .. My paranoia is around a VPS
> provider who had admin access to all containers.  I know that I have
> to create a root password that will allow only myself root access,
> but I'm just worried about the disk contents if it were mounted on
> another system.

A VPS provider has access to *everything* on your virtual machines,
regardless of what password you set or whether you use full-disk
encryption or not. There is nothing you can do about it, except for not
using a VPS provider.

The only thing that is secure is when you have a physical machine that
only you have physical access and root access to. The only exception is
perhaps a colocated physical machine on which you yourself configured
TPM in such a way that it only boots from a trusted OS image.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>