Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 12-24-2010, 06:48 PM   #1
Registered: Oct 2009
Distribution: Scientific Linux 6
Posts: 148

Rep: Reputation: 18
Question How to SSH into initramfs on headless SliTaz server

I've installed SliTaz Linux onto a headless server with the following partition scheme:

/dev/hdb1 ext3 main system
/dev/hdb2 ext3 currently empty
/dev/hdb3 swap

I would like to further configure this machine so that (1) a VirtualBox virtual machine is automatically started during boot with no user intervention, and (2) /dev/hdb1 /dev/hdb2 are encrypted with LUKS or the like.

Because /dev/hdb1 and /dev/hdb2 will be encrypted, I will need to decrypt them with my passphrase during boot. But since this will be a headless server, I need to SSH in before the main OS loads, i.e. I probably need to SSH into initramfs?

So far, I've found (1) VBoxTool which starts a virtual machine during boot, and (2) and early-ssh which installs dropbear SSH server into initramfs.

However, since all my partitions (/dev/hdb1, /dev/hdb2) will be encrypted, I need to decrypt them before the boot process can continue after initramfs. This seems to imply that I need to modify the initramfs process so that I can (1) login via early-ssh mentioned above, (2) enter my decryption passphrase, then (3) let the normal boot process continue.

Therefore, my question is: how do I find and edit my initramfs so that I can add the needed decryption tools (what are they?) and be prompted to enter my passphrase via SSH during boot?

Sorry for the long question, thanks for your help!
Old 12-24-2010, 09:07 PM   #2
Senior Member
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778
You are facing one of the proverbial, circular, problems with whole disk encryption. I would first recommend that you carefully consider why you want to encrypt the system and what you are trying to protect against. Once the file system is mounted and things are running, it won't be encrypted anymore. You might be just as well off to encrypt your /home partition with A LOT less trouble.

As I said, you are facing a classic problem: how to mount the file system when it is encrypted. One way around this is to keep a small unencrypted boot partition. Thinking about what is int he boot partition, a ram image for Linux, do you really care if this part is encrypted or not?

Take a look at this link. It is a how to from a reputable website that discusses how to encrypt your whole hard drive, should you wish to.

Last edited by Noway2; 12-24-2010 at 09:08 PM. Reason: typo
Old 03-14-2011, 06:19 AM   #3
LQ Newbie
Registered: Mar 2011
Posts: 2

Rep: Reputation: 0
how far did you improve

Hello Noway2,

i have a constellation which is quiet similar to yours.
There are some helpfull suggestions i found on this, this and this site.

There is also a german article you can buy here.

For me patching the initrd worked out. I ssh to my server but unfortunately i can't mount encrypted volumes
because the initrd does not include the necessary binaries like modprobe and crytsetup.
It might be a update-initramfs issue. I will write more about it when i solved the problem.



boot loader, initramfs, luks, slitaz, ssh

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh into headless server Trio3b Linux - Server 5 01-24-2010 10:28 PM
Debian headless ftp server administered threw ssh lindylex Debian 5 08-26-2008 07:01 AM
Headless Server Install steve4586 Linux - General 3 12-14-2006 06:13 AM
headless server gravij Linux - General 2 06-06-2004 07:24 AM
Raid 5 Headless Server flysideways Linux - Networking 0 05-15-2004 11:41 PM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:51 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration