mirrors
/
archlinux-initrd-ssh-cryptsetup
mirror of https://github.com/suiryc/archlinux-initrd-ssh-cryptsetup.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1 Commit
1 Branch
12 Tags
86 KiB
Shell 100%
 
Go to file
Julien Coloos 3e089a0ddb Initial commit 2014-05-19 22:46:59 +02:00
src Initial commit 2014-05-19 22:46:59 +02:00
ChangeLog Initial commit 2014-05-19 22:46:59 +02:00
LICENSE Initial commit 2014-05-19 22:46:59 +02:00
PKGBUILD Initial commit 2014-05-19 22:46:59 +02:00
README.md Initial commit 2014-05-19 22:46:59 +02:00
initrd-ssh-cryptsetup.install Initial commit 2014-05-19 22:46:59 +02:00

README.md

Personal ArchLinux package combining dropbear and cryptsetup in initrd for unlocking LUKS-encrypted devices either locally (boot console) or remotely over SSH. The code was reworked from dropbear_initrd_encrypt.

Installation

After cloning the repo, installation is done as for an AUR package.

Configuration

As explained upon installation, the following things need to be done:

  • add the SSH public key to /etc/dropbear/initrd.authorized_keys
  • add the ip= kernel command parameter to the bootloader configuration (see https://wiki.archlinux.org/index.php/Mkinitcpio#Using_net)
  • in the HOOKS section of /etc/mkinitcpio.conf, add ssh-cryptsetup before filesystems; then rebuild the initramfs: mkinitcpio -p linux

The LUKS-encrypted devices to unlock are derived from /etc/crypttab.

The SSH listening port (22 by default) can be changed by setting the sshcs_opt_listen option in /etc/dropbear/initrd.env (file is sourced in initrd shell). For example:

sshcs_opt_listen=2222