[pkg-cryptsetup-devel] Bug#866786: Bug#866786: Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)
Guilhem Moulin
guilhem at debian.org
Sun Jul 2 21:16:22 UTC 2017
Control: tag -1 = pending
On Sun, 02 Jul 2017 at 17:03:53 -0400, Antoine Beaupré wrote:
> Maybe what is needed then is simply a patch to the motd to warn the user
> the command may need to be called multiple times? Or just loop over the
> devices as you suggested before?
I have implemented the later already :-) Not super happy about it as it
relies on dropbear to clean up the session properly (also implemented,
should be in dropbear-initramfs 2017.75-2), but it does the job.
By the way adding a command= authorized_keys(5) option works fine, too
:-)
$ sudo sed -nr 's/\s.*//p' /etc/dropbear-initramfs/authorized_keys
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="/bin/cryptroot-unlock"
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20170702/b862307d/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list