[Bug 1141868] support LUKS unlock via SSH (package: dracut-crypt-ssh)
http://bugzilla.suse.com/show_bug.cgi?id=1141868
http://bugzilla.suse.com/show_bug.cgi?id=1141868#c7
--- Comment #7 from kolA flash
dracut.cmdline(7) provides details on how to do that:
use the ip= parameter variant for static IPs. You probably also need rd.neednet=1 (otherwise dracut decides that you are not trying to mount the root partition from a network location, and will hence skip the setup.
Does that work for you?
I tried these variants without succes (running in Qemu user network). I may have another look at it on Monday. rd.neednet=1 ip=dhcp rd.neednet=1 ip=10.0.2.15::10.0.2.2:255.255.255.0:linux-box:eth0:off (from https://github.com/dracut-crypt-ssh/dracut-crypt-ssh/blob/master/README.md ) rd.neednet=1 ip=10.0.2.15::10.0.2.2:255.255.255.0:linux-box:eth0:on (from http://man7.org/linux/man-pages/man7/dracut.cmdline.7.html ) (In reply to Andreas Schneider from comment #4)
[...] We could simply implement a minimal ssh server just for this job using https://libssh.org/ instead of adding dropbear.
Do you think simply using dracut-crypt-ssh, including dropbear is such a bad choice? I know, Dropbear isn't as well maintained as OpenSSH. But one more minor, SUSE specific SSH implementation may not be a better choice than dropbear. And Debian, Ubuntu and Arch also rely on dropbear for their dropbear-initramfs package. So there's an existing community for dropbear. tinyssh may be an alternative. And Arch is actually providing it as an initrd alternative for dropbear. https://www.archlinux.org/packages/community/any/mkinitcpio-dropbear/ https://www.archlinux.org/packages/community/any/mkinitcpio-tinyssh/ Nevertheless, dracut-crypt-ssh provides an already working solution for openSUSE, which just have to be officially integrated. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com