Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
installs the stuff and does some config for a dracut-ssh-crypt like setup -- ssh into initramfs to unlock the luks partition
#!/usr/bin/env bash
# installs the stuff and does some config for a dracut-ssh-crypt like setup -- ssh into initramfs to unlock the luks partition
sudo apt install dropbear{,-initramfs}
DB_CONFIG=/etc/dropbear-initramfs/config
DB_AUTH_KEYS=/etc/dropbear-initramfs/authorized_keys
sudo mkdir -p /etc/dropbear-initramfs
sudo touch $DB_CONFIG
echo 'DROPBEAR_OPTIONS="-p 222 -s -j -k -I 60"' | sudo tee -a $DB_CONFIG
echo -n '' | sudo tee $DB_AUTH_KEYS
cat $HOME/.ssh/authorized_keys | sudo tee -a $DB_AUTH_KEYS
PREFIX='no-port-forwarding,no-agent-forwarding,no-x11-forwarding,command="/bin/cryptroot-unlock"'
sudo sed -i -e "s/^/no-port-forwarding,no-agent-forwarding,no-x11-forwarding,command=\"\/bin\/cryptroot-unlock\" /" $DB_AUTH_KEYS
sudo update-initramfs -u
# maybe, depending on setup
# add 'ip=dhcp' or 'ip=<clientip>::<gw-ip>:<netmask>' to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub
# afterwards don't forget to `update-grub`
# dope, ssh in on 222 during boot
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment