pass by Dominic v0.6 [05 Jul 2017]

Description

This script, 'pass.sh', is meant to be run over SSH from a client machine on a system that is waiting for passphrase entry at the initramfs (boot) stage because its root filesystem is on a partition encrypted with LUKS + dm-crypt, as offered during Debian/Ubuntu setup as 'Guided - use entire disk and set up encrypted LVM'.

Installation

To make this possible, this script 'pass.sh' and a public key file are to be installed on the encrypted machine so as to be available in initramfs, while the matching private key file is needed on the client machine. Follow these steps (as root) on the encrypted machine:

apt install dropbear # Debian/Ubuntu includes dropbear-initramfs package
cp /path/to/pass.sh /etc/initramfs-tools/scripts
chown root:root /etc/initramfs-tools/scripts/pass.sh
chmod 775 /etc/initramfs-tools/scripts/pass.sh
mkdir -pm 700 /etc/initramfs-tools/root/.ssh
cat /path/to/public_key_file >>/etc/initramfs-tools/root/.ssh/authorized_keys
update-initramfs -u -k all # update initramfs with these files

Examples

One-line example, run on the client machine under Linux, Cygwin or Bash on Ubuntu on Windows, against the remote machine 192.168.20.196:

ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@192.168.20.196 /scripts/pass.sh

Another one-line example but using a non-default private key file:
ssh -ti /path/to/private_key_file -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@192.168.20.196 /scripts/pass.sh

or under Windows using plink:
plink.exe -t -i C:\path\private_key_file.ppk root@192.168.20.196 /scripts/pass.sh
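
The ssh examples above turn off host-key verification (UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no), so the client cannot tell whether the host that receives the passphrase is the intended one. The following is an added example, not part of pass.sh or of the original page: it pins the initramfs dropbear host key in a dedicated known_hosts file and builds the same command with strict checking. The file name in KH, the alias 'initramfs-unlock' and both function names are assumptions.

```sh
#!/bin/sh
# Added example (not part of pass.sh). KH and ALIAS are assumed names.
KH="${KH:-$HOME/.ssh/known_hosts.initramfs}"   # dedicated known_hosts file
ALIAS="initramfs-unlock"                       # name the key is stored under

# pin_host_key <keytype> <base64-key>
# Store the initramfs dropbear public host key, copied out of band from the
# encrypted machine (dropbearkey -y -f <host key file> prints it there).
pin_host_key() {
    keytype=$1 keydata=$2
    case $keytype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "unsupported key type: $keytype" >&2; return 1 ;;
    esac
    case $keydata in   # plain base64 only, so no extra fields or options
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
    esac
    mkdir -p "$(dirname "$KH")"
    printf '%s %s %s\n' "$ALIAS" "$keytype" "$keydata" >"$KH"
}

# unlock_cmd <host> [private_key_file]
# Print the ssh command that runs /scripts/pass.sh with strict host-key
# checking against the pinned key; refuse if nothing has been pinned yet.
unlock_cmd() {
    host=$1 key=${2:-}
    if [ ! -s "$KH" ]; then
        echo "no pinned key in $KH; run pin_host_key first" >&2
        return 1
    fi
    # HostKeyAlias looks the key up under ALIAS instead of the IP address,
    # so the booted system's entry in the normal known_hosts is untouched.
    set -- ssh -t -o "UserKnownHostsFile=$KH" -o "HostKeyAlias=$ALIAS" \
        -o StrictHostKeyChecking=yes
    if [ -n "$key" ]; then set -- "$@" -i "$key"; fi
    echo "$* root@$host /scripts/pass.sh"
}
```

Source the file, call pin_host_key once with the key read from the encrypted machine, then run the command that unlock_cmd prints.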

Notes

Tested under Ubuntu 16.04.2 set up with option 'Guided - use entire disk and set up encrypted LVM'.

Comparing pass.sh with unlock.sh: pass.sh is an OS-agnostic shell script that must be pre-installed on the encrypted machine but can be run over SSH from a client with any OS, whereas unlock.sh runs as a bash script on the client machine and so requires a bash environment on that machine.

Changelog

0.6 [05 Jul 2017]: updated help
0.5 [08 May 2017]: updated help
0.4 [27 Apr 2017]: add -h and -l options

Download pass.sh
