Last active
April 22, 2022 21:05
-
-
Save malteb247/8c1bceca5e8fd8778003 to your computer and use it in GitHub Desktop.
remote unlocking LUKS encrypted LVM using Dropbear SSH (inspired by https://stinkyparkia.wordpress.com/2014/10/14/remote-unlocking-luks-encrypted-lvm-using-dropbear-ssh-in-ubuntu-server-14-04-1-with-static-ipst/) with respect to pointopoint interfaces setup.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# location: /etc/initramfs-tools/hooks/crypt_unlock.sh | |
PREREQ="dropbear" | |
prereqs() { | |
echo "$PREREQ" | |
} | |
case "$1" in | |
prereqs) | |
prereqs | |
exit 0 | |
;; | |
esac | |
. "${CONFDIR}/initramfs.conf" | |
. /usr/share/initramfs-tools/hook-functions | |
if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then | |
cat > "${DESTDIR}/bin/unlock" << EOF | |
#!/bin/sh | |
if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then | |
kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\` | |
# following line kill the remote shell right after the passphrase has | |
# been entered. | |
kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\` | |
exit 0 | |
fi | |
exit 1 | |
EOF | |
chmod 755 "${DESTDIR}/bin/unlock" | |
mkdir -p "${DESTDIR}/lib/unlock" | |
cat > "${DESTDIR}/lib/unlock/plymouth" << EOF | |
#!/bin/sh | |
[ "\$1" == "--ping" ] && exit 1 | |
/bin/plymouth "\$@" | |
EOF | |
chmod 755 "${DESTDIR}/lib/unlock/plymouth" | |
echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# location: /usr/share/initramfs-tools/scripts/init-bottom/dropbear.sh | |
PREREQ="" | |
prereqs() { | |
echo "$PREREQ" | |
} | |
case "$1" in | |
prereqs) | |
prereqs | |
exit 0 | |
;; | |
esac | |
. /scripts/functions | |
[ -r /var/run/dropbear.pid ] || exit 0 | |
log_begin_msg "Stopping dropbear" | |
kill `cat /var/run/dropbear.pid` | |
ip addr flush dev eth0; | |
ip link set down eth0; | |
log_end_msg |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# location: /etc/initramfs-tools/scripts/local-top/mount-boot.sh | |
PREREQ="udev devpts" | |
prereqs() { | |
echo "$PREREQ" | |
} | |
case "$1" in | |
prereqs) | |
prereqs | |
exit 0 | |
;; | |
esac | |
. /scripts/functions | |
# 195.9.250.36 is the local static IP | |
# 76.9.158.210/32 ist the gateway | |
ip address add 195.9.250.36 peer 76.9.158.210/32 brd 255.255.255.255 dev eth0; | |
ip link set up eth0; | |
ip route add 76.9.158.210 src 195.9.250.36 dev eth0; | |
ip route add default via 76.9.158.210 dev eth0; | |
ip addr; | |
ip route; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment