How would you protect files of a VPS (Virtual Private Server) from snooping by the service provider?

  • Lemmchen
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    2 months ago

    Modern CPUs have some RAM encryption features, but ultimately you’re running on hardware outside your control. Personally, I use full disk encryption (except for /boot) and unlock remotely via SSH, but that only helps against automatic scanning of the storage.

    • ouch@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      Do you use dropbear and manually input the password to unlock the LUKS partition, or have you scripted something to automate that?

      • Lemmchen
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        2 months ago

        Dropbear + manual input, but I guess you could do that as a single command somehow. I rarely restart this machine, so copying the PW from my PW manager is acceptable for me.