
Dropbear ssh luks






These steps will completely remove any leftover partitions and their associated data on the drive, without the possibility of recovery.

We are going to use LVM inside the LUKS container. This is not only supported but the recommended way, as we could also make use of advanced LVM functionality later on.

Follow the installation until you reach the disk partitioning section:

  • The disk might need to be unmounted first.
  • Choose the Guided - use entire disk and setup encrypted LVM option.
  • In the next window, take extreme care to select the right HDD in case you have multiple ones.
  • Confirm changing the partition scheme to LVM if it was asked for.
  • Set up a strong passphrase for LUKS and confirm it.
  • Decide on how much of the disk space you want to dedicate to the root partition. For advanced setups, you can use only a percentage of the available space and create more partitions later on (and all of them would be automatically encrypted). The default is to make a single partition the size of the HDD.
  • Confirm the partition setup and continue with the installation.
  • Since there is no other OS on this system, it's safe to install the GRUB boot loader.
  • You will be prompted for the LUKS password after reboot to unlock the disk.

Our overall setup would be something like this:

    NAME FSTYPE

  • sda2 marks the start of the logical partitions.
  • sda5_crypt is the virtual crypt partition after unlocking (which uses LVM).
  • ubuntu-vg-swap_1 is the swap partition.

The kernel loads the initramfs image; inside this image are the files, modules and scripts required for decrypting and mounting root. Now if we could somehow run an SSH server in initramfs and make it accessible via the network, one could remotely connect to it to unlock the root partition.

As initramfs runs in memory, we are somewhat limited in the size and complexity of the running programs. This is the main reason why Dropbear is being used as the SSH server, combined with BusyBox to provide the shell and basic utilities.

All provided steps require root access, so you might want to sudo -i to root before continuing.

Install Dropbear package for initramfs

As I said earlier, Ubuntu uses a special Dropbear package to provide SSH server functionality in the initramfs environment, with all the required hooks and scripts. Make sure your system (especially the cryptsetup package) is up-to-date:

    apt-get update && apt-get --assume-yes upgrade

Install it by issuing:

    apt-get --assume-yes install dropbear-initramfs







