You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Jeff Moe 2cdf496c20
Cryptsetup new drive
5 years ago
..
ADD-DRIVE.md Cryptsetup new drive 5 years ago
README.md Cryptsetup new drive 5 years ago

README.md

This is how to set up decrypting a remote encrypted partition at boot.

apt install dropbear-initramfs

/etc/dropbear-initramfs/config DROPBEAR_OPTIONS="-p611 -s -j -k -I 60"

Add RSA keys here (no ed25519 ?)

vim /etc/dropbear-initramfs/authorized_keys

update initramfs

update-initramfs -u

Set up grub

vim /etc/default/grub

Like:

GRUB_CMDLINE_LINUX_DEFAULT="ip=client-ip::gw-ip:netmask"

Example:

GRUB_CMDLINE_LINUX_DEFAULT="ip=10.1.1.100::10.1.1.1:255.255.255.0"

(Also maybe add numa=off)

update grub

update-grub

Set up ~/.ssh/config for client to connect to dropbear/ssh:

Host sf-001-disk Hostname 10.1.1.100 Port 611 User root PasswordAuthentication no IdentityFile ~/.ssh/id_rsa

Then when system boots up, ssh to it:

ssh sf-001-disk

When logged in, run:

cryptroot-unlock

========================================================================== cryptsetup -y luksAddKey /dev/sda2 cryptsetup luksRemoveKey /dev/sda2

apt install dropbear-initramfs

vim /etc/dropbear-initramfs/config DROPBEAR_OPTIONS="-p 10.0.0.1:22 -s -j -k -I 60" IFDOWN=*

Add RSA keys here (no ed25519 ?)

vim /etc/dropbear-initramfs/authorized_keys

update initramfs

update-initramfs -u

Set up grub

vim /etc/default/grub

needs correct interface eno1

Like:

GRUB_CMDLINE_LINUX_DEFAULT="ip=client-ip::gw-ip:netmask:hostname:interface"

Example:

GRUB_CMDLINE_LINUX_DEFAULT="quiet ip=10.0.0.1::10.0.0.2:255.255.255.0:fooserver:eno1:off"

(Also maybe add numa=off)

update grub

update-grub

Set up ~/.ssh/config for client to connect to dropbear/ssh:

Host fooserver-disk Hostname 10.0.0.1 Port 22 User root PasswordAuthentication no IdentityFile ~/.ssh/id_rsa

Then when system boots up, ssh to it:

ssh fooserver-disk

When logged in, run:

cryptroot-unlock