|
|
|
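# This is how to set up unlocking an encrypted (LUKS) partition remotely over SSH at boot, using dropbear inside the initramfs.
# Note: the initramfs, including dropbear's host key and authorized_keys, sits outside the encrypted volume, so this setup does not protect against someone with physical access tampering with the boot files.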
|
|
|
|
|
|
|
|
apt install dropbear-initramfs
|
|
|
|
|
|
|
|
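# Edit this file (-p: listen port, -s: disable password logins, -j/-k: disable local/remote port forwarding, -I 60: disconnect after 60 s idle):
/etc/dropbear-initramfs/config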
|
|
|
|
DROPBEAR_OPTIONS="-p611 -s -j -k -I 60"
|
|
|
|
|
|
|
|
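# Add the client's public RSA key(s) here (ed25519 may not work: older dropbear releases lack support for it, so check the installed version first)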
|
|
|
|
vim /etc/dropbear-initramfs/authorized_keys
|
|
|
|
|
|
|
|
# Rebuild the initramfs so it picks up dropbear, its config and the authorized keys
|
|
|
|
update-initramfs -u
|
|
|
|
|
|
|
|
# Set up grub
|
|
|
|
vim /etc/default/grub
|
|
|
|
# Like:
|
|
|
|
GRUB_CMDLINE_LINUX_DEFAULT="ip=client-ip::gw-ip:netmask"
|
|
|
|
# Example:
|
|
|
|
GRUB_CMDLINE_LINUX_DEFAULT="ip=10.1.1.100::10.1.1.1:255.255.255.0"
|
|
|
|
# (Also maybe add numa=off)
|
|
|
|
|
|
|
|
# update grub
|
|
|
|
update-grub
|
|
|
|
|
|
|
|
# Set up ~/.ssh/config on the client to connect to dropbear over SSH:
|
|
|
|
Host sf-001-disk
|
|
|
|
Hostname 10.1.1.100
|
|
|
|
Port 611
|
|
|
|
User root
|
|
|
|
PasswordAuthentication no
|
|
|
|
IdentityFile ~/.ssh/id_rsa
|
|
|
|
|
|
|
|
# Then when system boots up, ssh to it:
|
|
|
|
ssh sf-001-disk
|
|
|
|
|
|
|
|
# When logged in, run:
|
|
|
|
cryptroot-unlock
|
|
|
|
|
|
|
|
==========================================================================
|
|
|
|
cryptsetup -y luksAddKey /dev/sda2
|
|
|
|
cryptsetup luksRemoveKey /dev/sda2
|
|
|
|
|
|
|
|
apt install dropbear-initramfs
|
|
|
|
|
|
|
|
vim /etc/dropbear-initramfs/config
|
|
|
|
DROPBEAR_OPTIONS="-p 10.0.0.1:22 -s -j -k -I 60"
|
|
|
|
IFDOWN=*
|
|
|
|
|
|
|
|
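# Add the client's public RSA key(s) here (ed25519 may not work: older dropbear releases lack support for it, so check the installed version first)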
|
|
|
|
vim /etc/dropbear-initramfs/authorized_keys
|
|
|
|
|
|
|
|
# update initramfs
|
|
|
|
update-initramfs -u
|
|
|
|
|
|
|
|
# Set up grub
|
|
|
|
vim /etc/default/grub
|
|
|
|
# The ip= parameter needs the correct network interface name (eno1 here)
|
|
|
|
# Like (the example below also appends an autoconf field, "off", after the interface):
|
|
|
|
GRUB_CMDLINE_LINUX_DEFAULT="ip=client-ip::gw-ip:netmask:hostname:interface"
|
|
|
|
# Example:
|
|
|
|
GRUB_CMDLINE_LINUX_DEFAULT="quiet ip=10.0.0.1::10.0.0.2:255.255.255.0:fooserver:eno1:off"
|
|
|
|
# (Also maybe add numa=off)
|
|
|
|
|
|
|
|
# update grub
|
|
|
|
update-grub
|
|
|
|
|
|
|
|
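# Set up ~/.ssh/config on the client to connect to dropbear over SSH.
# The initramfs dropbear presents its own host key; if the booted system's sshd uses the same address and port 22, the client will report a host-key mismatch unless this alias gets its own known-hosts file (UserKnownHostsFile).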
|
|
|
|
Host fooserver-disk
|
|
|
|
Hostname 10.0.0.1
|
|
|
|
Port 22
|
|
|
|
User root
|
|
|
|
PasswordAuthentication no
|
|
|
|
IdentityFile ~/.ssh/id_rsa
|
|
|
|
|
|
|
|
# Then when system boots up, ssh to it:
|
|
|
|
ssh fooserver-disk
|
|
|
|
|
|
|
|
# When logged in, run:
|
|
|
|
cryptroot-unlock
|
|
|
|
|