Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
installs the stuff and does some config for a dracut-ssh-crypt like setup -- ssh into initramfs to unlock the luks partition
#!/usr/bin/env bash
# installs the stuff and does some config for a dracut-ssh-crypt like setup -- ssh into initramfs to unlock the luks partition
sudo apt install dropbear{,-initramfs}
DB_CONFIG=/etc/dropbear-initramfs/config
DB_AUTH_KEYS=/etc/dropbear-initramfs/authorized_keys
sudo mkdir -p /etc/dropbear-initramfs
sudo touch $DB_CONFIG
echo 'DROPBEAR_OPTIONS="-p 222 -s -j -k -I 60"' | sudo tee -a $DB_CONFIG
echo -n '' | sudo tee $DB_AUTH_KEYS
cat $HOME/.ssh/authorized_keys | sudo tee -a $DB_AUTH_KEYS
PREFIX='no-port-forwarding,no-agent-forwarding,no-x11-forwarding,command="/bin/cryptroot-unlock"'
sudo sed -i -e "s/^/no-port-forwarding,no-agent-forwarding,no-x11-forwarding,command=\"\/bin\/cryptroot-unlock\" /" $DB_AUTH_KEYS
sudo update-initramfs -u
# maybe, depending on setup
# add 'ip=dhcp' or 'ip=<clientip>::<gw-ip>:<netmask>' to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub
# afterwards don't forget to `update-grub`
# dope, ssh in on 222 during boot
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.