Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extra precaution with Proxmox ZFS Unlock #209

Open
TommyTran732 opened this issue Feb 1, 2024 · 1 comment
Open

Extra precaution with Proxmox ZFS Unlock #209

TommyTran732 opened this issue Feb 1, 2024 · 1 comment
Labels
[c] update existing Existing content updates (beyond trivial fixes)

Comments

@TommyTran732
Copy link
Member

The Proxmox with native ZFS guide doesn't have any tamper protection anyways, so it is not the end of the world without these. However, it will be good practice to

  • Not setup LetsEncrypt until the ZFS root dataset is already encrypted
  • Rotate the server SSH keys after the dataset is encrypted
  • Change the root password (just generally good practice to not expose the hash of the root practice I suppose)
@TommyTran732 TommyTran732 added the [c] update existing Existing content updates (beyond trivial fixes) label Feb 1, 2024
@TommyTran732
Copy link
Member Author

TommyTran732 commented Feb 1, 2024
edited
Loading

Aside of the SSH host key, Proxmox has another key where it uses to access other nodes in the cluster, and this needs to be rotated as well. This one is probably more important than the rest.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
[c] update existing Existing content updates (beyond trivial fixes)
Milestone
No milestone
Development

No branches or pull requests
1 participant
@TommyTran732