Last active
August 29, 2015 13:57
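```bash
#!/bin/bash
# http://blog.nguyenvq.com/blog/2011/09/13/remote-unlocking-luks-encrypted-lvm-using-dropbear-ssh-in-ubuntu/
host=pink
timeout=35
echo "ssh'ing to $host to unlock luks. Wait $timeout secs for password prompt"
# Step 1: kill the cryptroot prompt waiting on the console.
# A dedicated known_hosts file keeps the initramfs SSH host key apart from
# the booted system's key for the same hostname.
# The heredoc is unquoted: $timeout expands locally, while the escaped
# \$pid and backticks are evaluated on the remote side.
# Note: cut -f 3 only yields the PID when ps pads it with exactly two leading spaces.
ssh -o "UserKnownHostsFile=~/.ssh/known-initram" root@$host << EOF
pid=\`ps | grep "/scripts/local-top/cryptroot" | grep -v "grep" | cut -d " " -f 3\`
echo "Found pid(s) of cryptroot: \$pid"
kill -9 \$pid
echo "Waiting $timeout secs for wait-for-root script to time out..."
sleep $timeout
EOF
echo "sshing for password..."
# Step 2: rerun cryptroot with a TTY (-t) so the passphrase prompt appears in this session.
ssh -t -o "UserKnownHostsFile=~/.ssh/known-initram" root@$host '/scripts/local-top/cryptroot'
echo "sshing to kill shell"
# Step 3: kill the remaining /bin/sh in the initramfs.
ssh -o "UserKnownHostsFile=~/.ssh/known-initram" root@$host << EOF
pid=\`ps | grep "/bin/sh" | grep -v "grep" | cut -d " " -f 3\`
kill -9 \$pid; exit
EOF
```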
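The remote commands in the script select the PID with `cut -d " " -f 3`, which returns the PID only when `ps` pads it with exactly two spaces. The block below is an added example, not part of the original gist, comparing that extraction with a whitespace-tolerant `read` loop over a constructed `ps` listing; `sample_ps`, `pids_by_cut` and `pids_by_read` are hypothetical names, and the listing layout is an assumption about the initramfs `ps` output.

```bash
#!/bin/sh
# Constructed sample of initramfs `ps` output (not captured from a real host).
# PIDs are right-aligned, so the number of leading spaces varies with PID width.
sample_ps() {
cat <<'PS'
  PID USER       VSZ STAT COMMAND
    1 root      4504 S    /bin/sh /init
  214 root      4504 S    /bin/sh /scripts/local-top/cryptroot
 1873 root      4504 S    /bin/sh /scripts/local-top/cryptroot
 1901 root      2100 S    grep /scripts/local-top/cryptroot
PS
}

# The gist's extraction: split on single spaces and take field 3.
# A 4-digit PID has one leading space, so field 3 becomes the USER column.
pids_by_cut() {
    grep "/scripts/local-top/cryptroot" | grep -v "grep" | cut -d " " -f 3
}

# Whitespace-tolerant extraction using only shell built-ins:
# `read` strips the padding, so the first word is always the PID column.
pids_by_read() {
    pattern=$1
    while read -r pid _user _vsz _stat cmd; do
        case $pid in ''|*[!0-9]*) continue ;; esac   # skip header and malformed rows
        case $cmd in grep\ *) continue ;; esac        # skip the grep helper itself
        case $cmd in *"$pattern"*) printf '%s\n' "$pid" ;; esac
    done
}

# Show both results side by side when the file is run directly.
echo "cut : $(sample_ps | pids_by_cut | tr '\n' ' ')"
echo "read: $(sample_ps | pids_by_read /scripts/local-top/cryptroot | tr '\n' ' ')"
```

With the `cut` form, a non-numeric value reaches `kill -9` whenever the PID width changes; validating that the value is all digits before killing avoids that.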
[EDIT] I see where this applies now # http://blog.nguyenvq.com/blog/2011/09/13/remote-unlocking-luks-encrypted-lvm-using-dropbear-ssh-in-ubuntu/ - If you have a yubikey solution I would still appreciate your help on that. [/EDIT]
Could you please explain how this works? I understand that I can use this from the client to log into a dm-crypt + LUKS encrypted remote server. In my case it's Mint 14.04, and I don't need to do anything on the server side other than setting up ssh access for the client. Running this script will allow me to remote into the encrypted server without having to physically go to the server and type in the dm-crypt + LUKS password. I assume that I can also log in with a username that has sudo rights. Could you please advise?
Also, is there a way that I can use my Yubikey with this? I've purchased a couple and haven't ever used them and I didn't want to set up yubikey on the server unless I could access it remotely without someone having to be physically present to activate the yubikey. Thanks.