-
-
Save prudnitskiy/549bd9e400c7ee331bb755160a9a3a34 to your computer and use it in GitHub Desktop.
remote unlocking LUKS encrypted LVM using Dropbear SSH (inspired by https://stinkyparkia.wordpress.com/2014/10/14/remote-unlocking-luks-encrypted-lvm-using-dropbear-ssh-in-ubuntu-server-14-04-1-with-static-ipst/) with respect to pointopoint interfaces setup.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# location: /etc/initramfs-tools/hooks/crypt_unlock.sh | |
PREREQ="dropbear" | |
prereqs() { | |
echo "$PREREQ" | |
} | |
case "$1" in | |
prereqs) | |
prereqs | |
exit 0 | |
;; | |
esac | |
. "${CONFDIR}/initramfs.conf" | |
. /usr/share/initramfs-tools/hook-functions | |
if [ "${DROPBEAR}" != "n" ] && [ -r "/etc/crypttab" ] ; then | |
cat > "${DESTDIR}/bin/unlock" << EOF | |
#!/bin/sh | |
if PATH=/lib/unlock:/bin:/sbin /scripts/local-top/cryptroot; then | |
kill \`ps | grep cryptroot | grep -v "grep" | awk '{print \$1}'\` | |
# following line kill the remote shell right after the passphrase has | |
# been entered. | |
kill -9 \`ps | grep "\-sh" | grep -v "grep" | awk '{print \$1}'\` | |
exit 0 | |
fi | |
exit 1 | |
EOF | |
chmod 755 "${DESTDIR}/bin/unlock" | |
mkdir -p "${DESTDIR}/lib/unlock" | |
cat > "${DESTDIR}/lib/unlock/plymouth" << EOF | |
#!/bin/sh | |
[ "\$1" == "--ping" ] && exit 1 | |
/bin/plymouth "\$@" | |
EOF | |
chmod 755 "${DESTDIR}/lib/unlock/plymouth" | |
echo To unlock root-partition run "unlock" >> ${DESTDIR}/etc/motd | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# location: /usr/share/initramfs-tools/scripts/init-bottom/dropbear.sh | |
PREREQ="" | |
prereqs() { | |
echo "$PREREQ" | |
} | |
case "$1" in | |
prereqs) | |
prereqs | |
exit 0 | |
;; | |
esac | |
. /scripts/functions | |
[ -r /var/run/dropbear.pid ] || exit 0 | |
log_begin_msg "Stopping dropbear" | |
kill `cat /var/run/dropbear.pid` | |
ip addr flush dev eth0; | |
ip link set down eth0; | |
log_end_msg |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# location: /etc/initramfs-tools/scripts/local-top/mount-boot.sh | |
PREREQ="udev devpts" | |
prereqs() { | |
echo "$PREREQ" | |
} | |
case "$1" in | |
prereqs) | |
prereqs | |
exit 0 | |
;; | |
esac | |
. /scripts/functions | |
# 195.9.250.36 is the local static IP | |
# 76.9.158.210/32 ist the gateway | |
ip address add 195.9.250.36 peer 76.9.158.210/32 brd 255.255.255.255 dev eth0; | |
ip link set up eth0; | |
ip route add 76.9.158.210 src 195.9.250.36 dev eth0; | |
ip route add default via 76.9.158.210 dev eth0; | |
ip addr; | |
ip route; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment