timabell/luks-unlock.sh

Last active Aug 29, 2015
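#!/bin/bash
# Unlock a LUKS root volume remotely over the SSH server running in the initramfs.
# http://blog.nguyenvq.com/blog/2011/09/13/remote-unlocking-luks-encrypted-lvm-using-dropbear-ssh-in-ubuntu/
host=pink
timeout=35
echo "ssh'ing to $host to unlock luks. Wait $timeout secs for password prompt"
# Step 1: kill the cryptroot script that is already running, then wait $timeout secs.
# These connections use their own known_hosts file (~/.ssh/known-initram).
# The here-document is unquoted: $timeout expands locally, while \$ and \` are evaluated on $host.
# cut returns the third space-delimited field, so the PID is found only when ps pads it with exactly two spaces.
ssh -o "UserKnownHostsFile=~/.ssh/known-initram" root@$host << EOF
pid=\`ps | grep "/scripts/local-top/cryptroot" | grep -v "grep" | cut -d " " -f 3\`
echo "Found pid(s) of cryptroot: \$pid"
kill -9 \$pid
echo "Waiting $timeout secs for wait-for-root script to time out..."
sleep $timeout
EOF
# Step 2: run cryptroot with a tty (-t) so the passphrase can be typed at its prompt.
echo "sshing for password..."
ssh -t -o "UserKnownHostsFile=~/.ssh/known-initram" root@$host '/scripts/local-top/cryptroot'
# Step 3: kill the /bin/sh processes left on the host.
echo "sshing to kill shell"
ssh -o "UserKnownHostsFile=~/.ssh/known-initram" root@$host << EOF
pid=\`ps | grep "/bin/sh" | grep -v "grep" | cut -d " " -f 3\`
kill -9 \$pid; exit
EOF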
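
The `cut -d " " -f 3` step in the script above yields the PID only when `ps` pads it with exactly two spaces. The following added example (not part of the gist) shows this on a constructed listing and gives a width-independent alternative; `pids_matching`, `kill_matching` and the sample listing are hypothetical names and data.

```shell
#!/bin/sh
# Added example, not part of the gist. SAMPLE_PS is constructed output laid out
# like a ps listing with a right-aligned PID column (an assumption about the
# initramfs ps), with PIDs of 1, 2, 3 and 4 digits.
SAMPLE_PS='  PID USER       VSZ STAT COMMAND
    1 root      4480 S    /bin/sh /init
   87 root      4480 S    /bin/sh /scripts/local-top/cryptroot
  214 root      4480 S    /bin/sh /scripts/local-top/cryptroot
 1187 root      4480 S    /bin/sh /scripts/local-top/cryptroot'

# The gist's pipeline wrapped in a function: the PID is taken as the third
# space-delimited field, which holds only with exactly two leading spaces.
pids_by_cut() {
    grep "$1" | grep -v "grep" | cut -d " " -f 3
}

# Width-independent version in plain sh: read strips the leading padding, so
# the PID is always the first word. Non-numeric first words (the header) and
# PID 1 are skipped; the rest of the line is matched as a literal string.
pids_matching() {
    while read -r pid rest; do
        case $pid in
            ''|*[!0-9]*|1) continue ;;
        esac
        case $rest in
            *"$1"*) echo "$pid" ;;
        esac
    done
}

# kill_matching PATTERN: hypothetical helper for the remote side. It refuses
# to call kill when nothing matched instead of passing an empty argument.
kill_matching() {
    pids=$(ps | pids_matching "$1")
    [ -n "$pids" ] || { echo "no process matches $1" >&2; return 1; }
    kill -9 $pids
}

# Demo on the constructed listing: cut misses PID 87 and returns "root" for 1187.
echo "cut:  $(printf '%s\n' "$SAMPLE_PS" | pids_by_cut /scripts/local-top/cryptroot | tr '\n' ' ')"
echo "read: $(printf '%s\n' "$SAMPLE_PS" | pids_matching /scripts/local-top/cryptroot | tr '\n' ' ')"
```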
@Urdan Urdan commented Nov 7, 2014

[EDIT] I see where this applies now # http://blog.nguyenvq.com/blog/2011/09/13/remote-unlocking-luks-encrypted-lvm-using-dropbear-ssh-in-ubuntu/ - If you have a yubikey solution I would still appreciate your help on that. [/EDIT]

Could you please explain how this works? I understand that I can use this from the client to log into a dm-crypt + LUKS encrypted remote server. In my case it's Mint 14.04, and I don't need to do anything on the server side other than setting up ssh access for the client. Running this script will allow me to remote into the encrypted server without having to physically go to the server and type in the dm-crypt + LUKS password. I assume that I can also log in with a username that has sudo rights. Could you please advise?

Also, is there a way that I can use my Yubikey with this? I've purchased a couple and haven't ever used them and I didn't want to set up yubikey on the server unless I could access it remotely without someone having to be physically present to activate the yubikey. Thanks.
