724d6a6bf0
Specify timeout for ipconfig so that we can still boot while network is done. Otherwise ipconfig remains stuck (until IP can be configured). If not given we default to 10s. Minor code refactoring. Moved configuration file from /etc/dropbear/initrd.env to /etc/initcpio/sshcs_env since it now contains options for ipconfig and not only dropbear. Package installation script moves legacy file to new path if present. v0.3-1
README.md
Personal ArchLinux package combining dropbear and cryptsetup in initrd for unlocking LUKS-encrypted devices either locally (boot console) or remotely over SSH. The code was reworked from dropbear_initrd_encrypt.
Installation
After cloning the repo, installation is done as for an AUR package.
Configuration
As explained upon installation, the following things need to be done:
- add the SSH public key to `/etc/dropbear/initrd.authorized_keys`
- add the `ip=` kernel command line parameter to the bootloader configuration (see https://wiki.archlinux.org/index.php/Mkinitcpio#Using_net)
- in the `HOOKS` section of `/etc/mkinitcpio.conf`, add `ssh-cryptsetup` before `filesystems`; then rebuild the initramfs: `mkinitcpio -p linux`
The LUKS-encrypted devices to unlock are derived from `/etc/crypttab`.
Some options can be set in `/etc/initcpio/sshcs_env` (file is sourced in initrd shell):
- `sshcs_opt_timeout_ipconfig`: time (in seconds) to configure IP
  - default: 10 seconds
- `sshcs_opt_listen`: SSH listening port
  - default: 22
- `sshcs_opt_timeout_poweroff`: time (in seconds) to unlock devices before automatic powering off
  - default (and minimum value): 2 minutes
  - negative value to deactivate
For example:
```
sshcs_opt_timeout_ipconfig=30
sshcs_opt_listen=2222
sshcs_opt_timeout_poweroff=-1
```
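
The hook order, the option values and the `ip=` parameter described above can be checked before rebooting, since a mistake in any of them is only discovered at the unlock prompt. The shell functions below are an added example and not part of this package: the function names are hypothetical, and the 120-second floor assumes the documented 2-minute minimum is expressed in seconds like the other timeouts.

```shell
#!/bin/sh
# Added example (not part of the package): checks to run before rebooting.
# Function names are illustrative; option names are the ones in this README.

is_int() { case $1 in ''|-|*[!0-9-]*|?*-*) return 1 ;; esac; }

# ssh-cryptsetup must be listed before filesystems in the active HOOKS line.
check_hooks() {
    hooks=$(sed -n 's/^HOOKS=[("]\(.*\)[)"].*$/\1/p' "$1" | tail -n 1)
    seen=0
    for h in $hooks; do
        case $h in
            ssh-cryptsetup) seen=1 ;;
            filesystems) [ "$seen" = 1 ] && return 0; break ;;
        esac
    done
    echo "$1: ssh-cryptsetup is not listed before filesystems" >&2
    return 1
}

# The env file is sourced by the initrd shell, so its content runs as root at
# boot: reject it if group or others can write to it, then validate the values.
check_env() {
    case $(ls -Lld "$1" | cut -c6,9) in
        *w*) echo "$1: writable by group or others" >&2; return 1 ;;
    esac
    (
        # Documented defaults; 120 assumes "2 minutes" is given in seconds.
        sshcs_opt_timeout_ipconfig=10
        sshcs_opt_listen=22
        sshcs_opt_timeout_poweroff=120
        . "$1" || exit 1
        t=$sshcs_opt_timeout_ipconfig p=$sshcs_opt_listen o=$sshcs_opt_timeout_poweroff
        is_int "$t" && is_int "$p" && is_int "$o" || { echo "$1: non-integer value" >&2; exit 1; }
        # Assumption of this example: the ipconfig timeout is at least 1 second.
        [ "$t" -ge 1 ] || { echo "timeout_ipconfig must be >= 1" >&2; exit 1; }
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "listen: bad port $p" >&2; exit 1; }
        [ "$o" -lt 0 ] || [ "$o" -ge 120 ] || { echo "timeout_poweroff $o is below the minimum" >&2; exit 1; }
    )
}

# The kernel command line must carry an ip= parameter as its own word.
check_cmdline() {
    case " $1 " in *" ip="*) return 0 ;; esac
    echo "kernel command line has no ip= parameter" >&2
    return 1
}
```

Pass `check_env` a path containing a slash, such as `/etc/initcpio/sshcs_env`, so that `.` does not search `PATH`. `check_cmdline "$(cat /proc/cmdline)"` reflects the currently booted kernel, not an edit to the bootloader configuration that has not been booted yet.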