Created
April 29, 2020 23:23
-
-
Save XertroV/6ec939c7007af4057188e1112734b928 to your computer and use it in GitHub Desktop.
installs the stuff and does some config for a dracut-ssh-crypt like setup -- ssh into initramfs to unlock the luks partition
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# installs the stuff and does some config for a dracut-ssh-crypt like setup -- ssh into initramfs to unlock the luks partition | |
sudo apt install dropbear{,-initramfs} | |
DB_CONFIG=/etc/dropbear-initramfs/config | |
DB_AUTH_KEYS=/etc/dropbear-initramfs/authorized_keys | |
sudo mkdir -p /etc/dropbear-initramfs | |
sudo touch $DB_CONFIG | |
echo 'DROPBEAR_OPTIONS="-p 222 -s -j -k -I 60"' | sudo tee -a $DB_CONFIG | |
echo -n '' | sudo tee $DB_AUTH_KEYS | |
cat $HOME/.ssh/authorized_keys | sudo tee -a $DB_AUTH_KEYS | |
PREFIX='no-port-forwarding,no-agent-forwarding,no-x11-forwarding,command="/bin/cryptroot-unlock"' | |
sudo sed -i -e "s/^/no-port-forwarding,no-agent-forwarding,no-x11-forwarding,command=\"\/bin\/cryptroot-unlock\" /" $DB_AUTH_KEYS | |
sudo update-initramfs -u | |
# maybe, depending on setup | |
# add 'ip=dhcp' or 'ip=<clientip>::<gw-ip>:<netmask>' to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub | |
# afterwards don't forget to `update-grub` | |
# dope, ssh in on 222 during boot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment