LinuxQuestions.org


penyuan 12-24-2010 06:48 PM

How to SSH into initramfs on headless SliTaz server
 
Hi,
I've installed SliTaz Linux onto a headless server with the following partition scheme:

/dev/hdb1 ext3 main system
/dev/hdb2 ext3 currently empty
/dev/hdb3 swap

I would like to further configure this machine so that (1) a VirtualBox virtual machine is automatically started during boot with no user intervention, and (2) /dev/hdb1 and /dev/hdb2 are encrypted with LUKS or the like.

Because /dev/hdb1 and /dev/hdb2 will be encrypted, I will need to decrypt them with my passphrase during boot. But since this will be a headless server, I need to SSH in before the main OS loads, i.e. I probably need to SSH into initramfs?

So far, I've found (1) VBoxTool, which starts a virtual machine during boot, and (2) early-ssh, which installs dropbear SSH server into initramfs.

However, since all my partitions (/dev/hdb1, /dev/hdb2) will be encrypted, I need to decrypt them before the boot process can continue after initramfs. This seems to imply that I need to modify the initramfs process so that I can (1) log in via early-ssh mentioned above, (2) enter my decryption passphrase, then (3) let the normal boot process continue.

Therefore, my question is: how do I find and edit my initramfs so that I can add the needed decryption tools (what are they?) and be prompted to enter my passphrase via SSH during boot?

Sorry for the long question, thanks for your help!

Noway2 12-24-2010 09:07 PM

You are facing one of the proverbial, circular, problems with whole disk encryption. I would first recommend that you carefully consider why you want to encrypt the system and what you are trying to protect against. Once the file system is mounted and things are running, it won't be encrypted anymore. You might be just as well off to encrypt your /home partition with A LOT less trouble.

As I said, you are facing a classic problem: how to mount the file system when it is encrypted. One way around this is to keep a small unencrypted boot partition. Thinking about what is in the boot partition, a RAM image for Linux, do you really care if this part is encrypted or not?

Take a look at this link. It is a how-to from a reputable website that discusses how to encrypt your whole hard drive, should you wish to.

http://www.tldp.org/HOWTO/html_singl...ryption-HOWTO/

hablatus 03-14-2011 06:19 AM

how far did you improve
 
Hello Noway2,

I have a constellation which is quite similar to yours.
There are some helpful suggestions I found on this, this and this site.

There is also a German article you can buy here.

For me patching the initrd worked out. I ssh to my server but unfortunately I can't mount encrypted volumes because the initrd does not include the necessary binaries like modprobe and cryptsetup.
It might be an update-initramfs issue. I will write more about it when I have solved the problem.

/hablatus
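
The failure described in the post above (an initrd that lacks cryptsetup and modprobe) can be caught before rebooting a headless machine. The following is an added example, not code from the thread or from early-ssh: it lists a gzip-compressed or uncompressed newc-format cpio image and reports which tools are missing. The `REQUIRED` list, the function names and the sample archive are assumptions constructed for illustration; images using other compression must be decompressed first.

```python
import gzip

# Tools named in the thread; dropbear is the SSH server early-ssh installs.
# This list is an assumption: adjust it to what your unlock procedure needs.
REQUIRED = ("cryptsetup", "modprobe", "dropbear")

def _align4(n):
    return (n + 3) & ~3

def cpio_names(blob):
    """List member paths of a newc cpio archive (gzip or uncompressed)."""
    if blob[:2] == b"\x1f\x8b":                      # gzip magic bytes
        blob = gzip.decompress(blob)
    names, pos = [], 0
    while pos + 110 <= len(blob):
        header = blob[pos:pos + 110]
        if header[:6] not in (b"070701", b"070702"):
            raise ValueError("no newc header at offset %d" % pos)
        # 13 fields of 8 hex digits follow the 6-byte magic
        fields = [int(header[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        start = pos + 110
        name = blob[start:start + namesize - 1].decode()   # drop trailing NUL
        if name == "TRAILER!!!":
            break
        names.append(name)
        pos = _align4(_align4(start + namesize) + filesize)
    return names

def missing_binaries(blob, required=REQUIRED):
    """Return required tool names absent from the image, by basename."""
    present = {n.rsplit("/", 1)[-1] for n in cpio_names(blob)}
    return [tool for tool in required if tool not in present]

def build_sample(paths):
    """Constructed input: a gzip-compressed newc archive of 1-byte files."""
    out = b""
    for path in list(paths) + ["TRAILER!!!"]:
        name = path.encode() + b"\0"
        data = b"" if path == "TRAILER!!!" else b"x"
        fields = [0, 0o100755, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name), 0]
        rec = b"070701" + b"".join(b"%08X" % f for f in fields) + name
        rec += b"\0" * (-len(rec) % 4)               # pad header+name to 4
        out += rec + data + b"\0" * (-len(data) % 4)  # pad file data to 4
    return gzip.compress(out)

if __name__ == "__main__":
    image = build_sample(["bin/busybox", "sbin/modprobe", "usr/sbin/dropbear"])
    print("missing:", missing_binaries(image))
```

To check a real image, pass its bytes to `missing_binaries`, for example `missing_binaries(open(path, "rb").read())`, where `path` is a placeholder for your own initramfs file.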

