[opensuse] Howto start encrypted machine remotely
Hi guys,

I have the following problem: There's a remote machine with encrypted /home and /swap. During bootup it asks for the passwords - but the machine should be able to startup remotely.

So options are
- Buy a console server :(
- Get the network service starting earlier and redirect the bootconsole to ssh (How?)
- Get the machine booted without /home and /swap, access it via ssh/vnc and mount those. (How?)

How can I achieve this? Are there any other options?

Thanks!

[using openSUSE 11.0 with Encryption setup during initial setup process]

The Saturday 2008-07-26 at 23:38 +0200, trashcanZ@gmx.net wrote:
> Hi guys,
>
> I have the following problem: There's a remote machine with encrypted /home and /swap. During bootup it asks for the passwords - but the machine should be able to startup remotely.
>
> So options are
> - Buy a console server :(
> - Get the network service starting earlier and redirect the bootconsole to ssh (How?)
> - Get the machine booted without /home and /swap, access it via ssh/vnc and mount those. (How?)
>
> How can I achieve this? Are there any other options?

I don't know if it is possible, but you can have a look at the script that sets it up (/etc/init.d/boot.crypto) and see if you can hack it up. The network is started much later... maybe you should mount home and swap also later.

Ssh? No idea. Perhaps... ssh as root once the system is booted, and activate the crypto partitions manually from there. That seems the best way to me.

Console server? You can set up two machines on a dual setup, one will act as console server for the other; but then, the password can be easily sniffed by anyone there.

--
Cheers,
Carlos E. R.

Hi!

On Saturday, 26 July 2008, trashcanZ@gmx.net wrote:
> I have the following problem: There's a remote machine with encrypted /home and /swap. During bootup it asks for the passwords - but the machine should be able to startup remotely.

As far as swap is concerned this shouldn't be a problem as the machine could generate a new password for that anytime it boots.

Regards,
Matthias

--
Matthias Bach
www.marix.org
"The only way of discovering the limits of the possible is to venture a little way past them into the impossible." - Arthur C. Clarke

I did it like this:
- disabled boot.crypt in boot runlevel
- ssh to the machine and did a "/etc/init.d/boot.crypto start" to enter passwords
- start vnc and export X

The only thing now is that the swap remains disabled while /home is mounted fine. I did a "swapon -a" and afterwards it's listed in the output of "swapon -s", but ksysguard for e.g. still shows "Swap 0B/0B". How can I enable the swap after boot?

> As far as swap is concerned this shouldn't be a problem as the machine could generate a new password for that anytime it boots.

This would be even better! The swap is encrypted by LUKS and each time I run "boot.crypto start" it asks for the password for both swap and /home. How can I use a random password for swap?

Thanks!

>> As far as swap is concerned this shouldn't be a problem as the machine could generate a new password for that anytime it boots.
>
> This would be even better! The swap is encrypted by LUKS and each time I run "boot.crypto start" it asks for the password for both swap and /home. How can I use a random password for swap?

Just leaving the password blank when creating the encrypted swap partition is the solution! It's using a random password then.

The Sunday 2008-07-27 at 16:32 +0200, trashcanZ@gmx.net wrote:
> I did it like this:
>
> - disabled boot.crypt in boot runlevel
> - ssh to the machine and did a "/etc/init.d/boot.crypto start" to enter passwords

You don't need that. Just define the partitions to be "noauto" in /etc/crypttab.

--
Cheers,
Carlos E. R.
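
Added example, not part of the thread or of openSUSE's scripts: a small shell check that lists which /etc/crypttab entries would still ask for a passphrase on the console at boot, run on a constructed before/after pair reflecting the two suggestions above (random-keyed swap, "noauto" for /home). The four-column layout, the "none" key placeholder, the /dev/urandom key file with the swap option and the device names are assumptions to check against crypttab(5) on the target system.

```shell
#!/bin/sh
# Added example: find crypttab entries that block an unattended boot.
# Assumed layout (whitespace-separated): name device keyfile options
# An entry prompts on the console when its key file is absent, "none"
# or "-" and its options do not include "noauto".

crypttab_boot_prompts() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            key  = (NF >= 3) ? $3 : "none"      # missing column means interactive
            opts = (NF >= 4) ? $4 : ""
            noauto = 0
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noauto") noauto = 1
            if ((key == "none" || key == "-") && !noauto) print $1
        }
    ' "$1"
}

before=$(mktemp); after=$(mktemp)
trap 'rm -f "$before" "$after"' EXIT

# Constructed sample: setup from the first message, both volumes prompt.
cat > "$before" <<'EOF'
# name     device     keyfile  options
cr_swap    /dev/sda2  none     swap
cr_home    /dev/sda3  none
EOF

# Constructed sample: swap re-keyed from /dev/urandom on every boot,
# /home skipped at boot and unlocked by hand over ssh afterwards.
cat > "$after" <<'EOF'
# name     device     keyfile       options
cr_swap    /dev/sda2  /dev/urandom  swap
cr_home    /dev/sda3  none          noauto
EOF

echo "prompts at boot (before): $(crypttab_boot_prompts "$before" | tr '\n' ' ')"
echo "prompts at boot (after):  $(crypttab_boot_prompts "$after" | tr '\n' ' ')"
```

With a fresh random key on every boot the previous swap contents are unreadable after a restart, so suspend-to-disk cannot resume from that swap. The /home passphrase is then typed only inside the ssh session, not on a shared console.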