Old 12-24-2010, 07:48 PM   #1
penyuan
Member
 
Registered: Oct 2009
Distribution: Scientific Linux 6
Posts: 71

Rep: Reputation: 5
How to SSH into initramfs on headless SliTaz server


Hi,
I've installed SliTaz Linux onto a headless server with the following partition scheme:

/dev/hdb1 ext3 main system
/dev/hdb2 ext3 currently empty
/dev/hdb3 swap

I would like to further configure this machine so that (1) a VirtualBox virtual machine is automatically started during boot with no user intervention, and (2) /dev/hdb1 and /dev/hdb2 are encrypted with LUKS or the like.

Because /dev/hdb1 and /dev/hdb2 will be encrypted, I will need to decrypt them with my passphrase during boot. But since this will be a headless server, I need to SSH in before the main OS loads, i.e. I probably need to SSH into initramfs?

So far, I've found (1) VBoxTool, which starts a virtual machine during boot, and (2) early-ssh, which installs the dropbear SSH server into initramfs.

However, since all my partitions (/dev/hdb1, /dev/hdb2) will be encrypted, I need to decrypt them before the boot process can continue after initramfs. This seems to imply that I need to modify the initramfs process so that I can (1) log in via early-ssh mentioned above, (2) enter my decryption passphrase, then (3) let the normal boot process continue.

Therefore, my question is: how do I find and edit my initramfs so that I can add the needed decryption tools (what are they?) and be prompted to enter my passphrase via SSH during boot?

Sorry for the long question, thanks for your help!
 
Old 12-24-2010, 10:07 PM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776
You are facing one of the proverbial, circular, problems with whole disk encryption. I would first recommend that you carefully consider why you want to encrypt the system and what you are trying to protect against. Once the file system is mounted and things are running, it won't be encrypted anymore. You might be just as well off to encrypt your /home partition with A LOT less trouble.

As I said, you are facing a classic problem: how to mount the file system when it is encrypted. One way around this is to keep a small unencrypted boot partition. Thinking about what is in the boot partition, a RAM image for Linux, do you really care if this part is encrypted or not?

Take a look at this link. It is a how-to from a reputable website that discusses how to encrypt your whole hard drive, should you wish to.

http://www.tldp.org/HOWTO/html_singl...ryption-HOWTO/

Last edited by Noway2; 12-24-2010 at 10:08 PM. Reason: typo
 
Old 03-14-2011, 07:19 AM   #3
hablatus
LQ Newbie
 
Registered: Mar 2011
Posts: 2

Rep: Reputation: 0
how far did you improve

Hello Noway2,

I have a constellation which is quite similar to yours.
There are some helpful suggestions I found on this, this and this site.

There is also a German article you can buy here.

For me patching the initrd worked out. I SSH to my server but unfortunately I can't mount encrypted volumes because the initrd does not include the necessary binaries like modprobe and cryptsetup.
It might be an update-initramfs issue. I will write more about it when I have solved the problem.

/hablatus
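
The missing-binaries problem described in the last post can be caught before rebooting a headless machine. The script below is an added example, not code from any poster in this thread: it scans an unpacked initramfs tree for the tools named in the thread (dropbear, cryptsetup, modprobe). The search directories and the constructed sample tree are assumptions.

```shell
#!/bin/sh
# Added example: list unlock tools missing from an unpacked initramfs tree.
# Assumed search path inside the image: bin, sbin, usr/bin, usr/sbin.

# find_tool ROOT NAME: print the in-image path of NAME, return 1 if absent.
find_tool() {
    root=$1 name=$2
    for dir in bin sbin usr/bin usr/sbin; do
        path="$root/$dir/$name"
        if [ -L "$path" ]; then
            # Busybox applets are often absolute symlinks; resolve them
            # against the image root, not the host's / (one level only).
            target=$(readlink "$path")
            case $target in
                /*) resolved="$root$target" ;;
                *)  resolved="$root/$dir/$target" ;;
            esac
            if [ -e "$resolved" ]; then echo "/$dir/$name"; return 0; fi
        elif [ -x "$path" ]; then
            echo "/$dir/$name"; return 0
        fi
    done
    return 1
}

# missing_tools ROOT NAME...: print the space-separated names not found.
missing_tools() {
    root=$1; shift
    missing=""
    for tool in "$@"; do
        find_tool "$root" "$tool" >/dev/null || missing="$missing $tool"
    done
    echo "${missing# }"
}

# Constructed sample tree: dropbear present, modprobe as a busybox applet, no cryptsetup.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/bin" "$t/sbin" "$t/usr/sbin"
    : > "$t/bin/busybox"; chmod +x "$t/bin/busybox"
    : > "$t/usr/sbin/dropbear"; chmod +x "$t/usr/sbin/dropbear"
    ln -s /bin/busybox "$t/sbin/modprobe"
    echo "$t"
}

tree=$(make_sample_tree)
echo "missing: $(missing_tools "$tree" dropbear cryptsetup modprobe)"
rm -rf "$tree"
```

A symlink that points at a file absent from the image is reported as missing even when the same path exists on the host, which is the case that otherwise hides a broken image until boot.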
Tags
boot loader, initramfs, luks, slitaz, ssh