[pkg-cryptsetup-devel] Bug#866786: Bug#866786: Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

Antoine Beaupré anarcat at debian.org
Sun Jul 2 21:33:00 UTC 2017


On 2017-07-02 23:16:22, Guilhem Moulin wrote:
> Control: tag -1 = pending
>
> On Sun, 02 Jul 2017 at 17:03:53 -0400, Antoine Beaupré wrote:
>> Maybe what is needed then is simply a patch to the motd to warn the user
>> the command may need to be called multiple times? Or just loop over the
>> devices as you suggested before?
>
> I have implemented the latter already :-)  Not super happy about it as it
> relies on dropbear to clean up the session properly (also implemented,
> should be in dropbear-initramfs 2017.75-2), but it does the job.
>
> By the way adding a command= authorized_keys(5) option works fine, too
> :-)
>
>     $ sudo sed -nr 's/\s.*//p' /etc/dropbear-initramfs/authorized_keys 
>     no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="/bin/cryptroot-unlock"

ah that's neat too. the only problem is it won't work until that
workaround of yours is shipped... in stretch, in my case! ;)

do i still need the IFDOWN=none hack now? i feel that i won't be able to
run the unlock script multiple times if i remove that tweak...

a.

-- 
Use for yourself little but give to others much.
                       - Albert Einstein
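
An added example, not part of the thread or of the cryptsetup/dropbear packages: a small audit of an authorized_keys file for the restriction line quoted above, reporting keys that lack the three no-* flags or a forced command of /bin/cryptroot-unlock. The names audit and split_options and the sample file are constructed for illustration; the parser assumes the option syntax of authorized_keys(5) and compares option names exactly as spelled in the quoted line.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$")
# Restrictions taken from the authorized_keys line quoted in the thread.
REQUIRED_FLAGS = {"no-port-forwarding", "no-agent-forwarding", "no-X11-forwarding"}
EXPECTED_COMMAND = "/bin/cryptroot-unlock"

def split_options(line):
    """Return the leading comma-separated options, honouring "quoted" values."""
    opts, in_quote, i = [""], False, 0
    while i < len(line):
        if in_quote and line.startswith('\\"', i):
            i += 1  # escaped quote: skip the backslash, keep the quote
            opts[-1] += '"'
        elif line[i] == '"':
            in_quote = not in_quote
        elif line[i] == "," and not in_quote:
            opts.append("")
        elif line[i].isspace() and not in_quote:
            break  # end of the options field
        else:
            opts[-1] += line[i]
        i += 1
    return opts

def audit(text):
    """Return (line_no, problems) for every key line that is not locked down."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = [] if KEY_TYPE.match(line.split()[0]) else split_options(line)
        cmds = [o.split("=", 1)[1] for o in opts if o.startswith("command=")]
        problems = sorted(REQUIRED_FLAGS - set(opts))
        if cmds != [EXPECTED_COMMAND]:
            problems.append("command")
        if problems:
            findings.append((no, problems))
    return findings

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="/bin/cryptroot-unlock" ssh-ed25519 AAAAPLACEHOLDER1 a@example
ssh-ed25519 AAAAPLACEHOLDER2 b@example
no-port-forwarding,command="/bin/sh -c \\"cryptroot-unlock, then sh\\"" ssh-rsa AAAAPLACEHOLDER3 c@example
'''

if __name__ == "__main__":
    for no, problems in audit(SAMPLE):
        print(f"line {no}: missing or wrong: {', '.join(problems)}")
```

On the sample, the first key passes, the second is reported for having no options at all, and the third for a forced command that is not cryptroot-unlock plus two missing flags.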