Unlocking a LUKS encrypted root partition via ssh

Support for security such as firewalls and securing Linux
icy-flame
Posts: 5
Joined: 2009/07/29 12:41:22

Postby icy-flame » 2010/05/21 09:42:17

Has anyone had any experience with unlocking a LUKS encrypted root partition via ssh?

There are a few pages from Google covering the Debian variants:

This is the Ubuntu solution:
http://www.howtoforge.com/unlock-a-l...-ssh-on-ubuntu

and this for Debian:
http://gpl.coulmann.de/ssh_luks_unlock.html

By the look of it, it is using dropbear and busybox. Only /boot is unencrypted; once the passphrase is given via ssh (with dropbear inside the initrd), it then chroots to the actual root partition.

I wonder if anyone has done similar things with CentOS before, so I don't have to reinvent the wheel. Any suggestions and thoughts as to what might be a suitable CentOS implementation?

Thanks!

ComposMentis
Posts: 1
Joined: 2014/11/20 20:37:36

Re: Unlocking a LUKS encrypted root partition via ssh

Postby ComposMentis » 2014/11/20 20:40:41

I am looking at the same problem; there is also no information for Fedora at the moment. They use Dracut to replace their old initramfs system. So the ssh server should work between GRUB and the LUKS decryption.

aks
Posts: 2498
Joined: 2014/09/20 11:22:14

Re: Unlocking a LUKS encrypted root partition via ssh

Postby aks » 2014/11/21 16:47:07

So the sshd usually starts well after / is mounted - which you can do as / can't be mounted before the password is entered. So the Debian link you provided is using a stripped-down ssh called dropbear, that then gets placed in the initrd, and a script to start it. That is all it is. Probably not a "supported" thing, but you could do that if you wanted to, I guess.