Jeff Moe
2cdf496c20
README.md
This is how to set up remote unlocking of an encrypted partition at boot, using dropbear SSH in the initramfs.
apt install dropbear-initramfs
/etc/dropbear-initramfs/config
DROPBEAR_OPTIONS="-p611 -s -j -k -I 60"
Add RSA keys here (no ed25519 ?)
vim /etc/dropbear-initramfs/authorized_keys
update initramfs
update-initramfs -u
Set up grub
vim /etc/default/grub
Like:
GRUB_CMDLINE_LINUX_DEFAULT="ip=client-ip::gw-ip:netmask"
Example:
GRUB_CMDLINE_LINUX_DEFAULT="ip=10.1.1.100::10.1.1.1:255.255.255.0"
(Also maybe add numa=off)
update grub
update-grub
Set up ~/.ssh/config for client to connect to dropbear/ssh:
Host sf-001-disk
    Hostname 10.1.1.100
    Port 611
    User root
    PasswordAuthentication no
    IdentityFile ~/.ssh/id_rsa
Then when system boots up, ssh to it:
ssh sf-001-disk
When logged in, run:
cryptroot-unlock

==========================================================================

cryptsetup -y luksAddKey /dev/sda2
cryptsetup luksRemoveKey /dev/sda2
apt install dropbear-initramfs
vim /etc/dropbear-initramfs/config
DROPBEAR_OPTIONS="-p 10.0.0.1:22 -s -j -k -I 60"
IFDOWN=*
Add RSA keys here (no ed25519 ?)
vim /etc/dropbear-initramfs/authorized_keys
update initramfs
update-initramfs -u
Set up grub
vim /etc/default/grub
The ip= line needs the correct interface name (here eno1).
Like:
GRUB_CMDLINE_LINUX_DEFAULT="ip=client-ip::gw-ip:netmask:hostname:interface:autoconf"
Example:
GRUB_CMDLINE_LINUX_DEFAULT="quiet ip=10.0.0.1::10.0.0.2:255.255.255.0:fooserver:eno1:off"
(Also maybe add numa=off)
update grub
update-grub
Set up ~/.ssh/config for client to connect to dropbear/ssh:
Host fooserver-disk
    Hostname 10.0.0.1
    Port 22
    User root
    PasswordAuthentication no
    IdentityFile ~/.ssh/id_rsa
Then when system boots up, ssh to it:
ssh fooserver-disk
When logged in, run:
cryptroot-unlock
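
An added check, not part of the original README: a shell lint for the two settings this procedure depends on (the kernel ip= argument and DROPBEAR_OPTIONS), run here against the README's own example values. The function names are hypothetical, and it assumes dropbear flags are written as separate words.

```shell
#!/bin/sh
# Added example, not from the README: lint the values this setup depends on.

# Succeed only for a dotted-quad IPv4 address whose four octets are <= 255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old=$IFS; IFS=.; set -- $1; IFS=$old
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Find the ip= argument in a kernel command line and lint its fields:
#   ip=client-ip:server-ip:gw-ip:netmask:hostname:device:autoconf
# Prints one finding per line; returns 1 if there is any finding.
check_ip_param() {
    rc=0; arg=
    set -f                                   # no globbing while word-splitting
    for w in $1; do case $w in ip=*) arg=${w#ip=} ;; esac; done
    old_ifs=$IFS; IFS=:; set -- $arg; IFS=$old_ifs
    set +f
    [ -n "$arg" ] || { echo "no ip= argument found"; return 1; }
    is_ipv4 "$1" || { echo "client-ip is not a static IPv4 address: '$1'"; rc=1; }
    is_ipv4 "$3" || { echo "gw-ip is not an IPv4 address: '$3'"; rc=1; }
    is_ipv4 "$4" || { echo "netmask is not dotted-quad: '$4'"; rc=1; }
    [ -n "$6" ] || { echo "no interface named in field 6"; rc=1; }
    return $rc
}

# Lint DROPBEAR_OPTIONS for the restrictions the README passes to dropbear:
#   -s no password logins, -j / -k no local / remote port forwarding,
#   -I idle timeout. Only flags written as separate words are recognised.
check_dropbear_opts() {
    rc=0
    for f in s j k I; do
        case " $1 " in
            *" -$f "*) ;;
            *) echo "DROPBEAR_OPTIONS lacks -$f"; rc=1 ;;
        esac
    done
    return $rc
}

# The README's own example values (first setup, second setup, dropbear options).
check_ip_param 'ip=10.1.1.100::10.1.1.1:255.255.255.0' || true
check_ip_param 'quiet ip=10.0.0.1::10.0.0.2:255.255.255.0:fooserver:eno1:off' || true
check_dropbear_opts '-p611 -s -j -k -I 60' || true
```

The first ip= example is reported because it names no interface, which is the point the second setup's note about eno1 addresses.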