Gentoo Forums
initramfs + sshd + luks [solved]
Zubziro
Apprentice


Joined: 21 Sep 2005
Posts: 241
Location: Sweden

Posted: Sat Jun 01, 2013 2:28 pm    Post subject: initramfs + sshd + luks [solved]

Hi

I need help building an initramfs with sshd + LUKS support to remotely mount root.
Does anyone have this setup up and running?

/thanks


Last edited by Zubziro on Thu Jun 06, 2013 11:17 am; edited 1 time in total
Zubziro
Apprentice


Joined: 21 Sep 2005
Posts: 241
Location: Sweden

Posted: Thu Jun 06, 2013 8:42 am    Post subject:

Hi all

I fixed it.

Followed http://whitehathouston.com/documentation/gentoo/initramfs_howto.htm to get a basic initramfs up and running.

then emerged:
Code:
 net-misc/dropbear-2012.55  USE="pam zlib -bsdpty -minimal -multicall -savedconfig -static -syslog"

Note '-static': static & pam together won't compile, and I couldn't get password authentication of dropbear to work without pam.

cp /usr/sbin/dropbear /usr/src/initramfs/usr/sbin

Copied some libs + NIC module from /lib to /usr/src/initramfs/lib:
Code:
-rwxr-xr-x 1 root root 142K Jun  4 20:55 ld-2.15.so
lrwxrwxrwx 1 root root   10 Jun  6 08:41 ld-linux-x86-64.so.2 -> ld-2.15.so
-rwxr-xr-x 1 root root 1.7M Jun  4 20:55 libc-2.15.so
lrwxrwxrwx 1 root root   12 Jun  6 08:41 libc.so.6 -> libc-2.15.so
-rwxr-xr-x 1 root root  35K Jun  6 08:19 libcrypt.so.1
-rwxr-xr-x 1 root root  87K Jun  6 08:13 libnsl.so.1
-rwxr-xr-x 1 root root  51K Jun  4 20:55 libnss_files-2.15.so
lrwxrwxrwx 1 root root   20 Jun  6 08:41 libnss_files.so.2 -> libnss_files-2.15.so
-rwxr-xr-x 1 root root  11K Jun  6 08:14 libutil.so.1
lrwxrwxrwx 1 root root   13 Jun  6 08:41 libz.so.1 -> libz.so.1.2.7
-rwxr-xr-x 1 root root  87K Jun  4 20:55 libz.so.1.2.7
drwxr-xr-x 3 root root 4.0K Jun  4 20:55 modules


setup in /usr/src/initramfs/etc:
Code:
drwxr-xr-x 2 root root 4.0K Jun  5 17:19 dropbear
-rw-r--r-- 1 root root   13 Jun  5 19:55 group
-rw-r--r-- 1 root root 2.1K Jun  4 20:55 ld.so.cache
-rw-r--r-- 1 root root  224 Jun  4 20:55 ld.so.conf
-rw-r--r-- 1 root root   41 Jun  6 07:57 nsswitch.conf
-rw-r--r-- 1 root root   29 Jun  6 09:21 passwd
-rw-r----- 1 root root  116 Jun  5 19:56 shadow

./dropbear:
total 8.0K
-rw------- 1 root root 457 Jun  5 17:19 dropbear_dss_host_key
-rw------- 1 root root 806 Jun  5 17:19 dropbear_rsa_host_key


Removed everything from passwd, shadow and group except root.
Changed the shell in passwd to /bin/sh.

cat nsswitch.conf:
Code:

passwd: files
shadow: files
group: files


populate /usr/src/initramfs/bin/
Code:

# create one symlink per busybox applet
for i in $(busybox --list)
do
 ln -s busybox "/usr/src/initramfs/bin/$i"
done


my initscript /usr/src/initramfs/init:
Code:

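#!/bin/busybox sh

# temporarily mount proc, sys, dev and devpts
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
mkdir -p /dev/pts
mount -t devpts devpts /dev/pts

# load the NIC driver and bring up the interfaces
modprobe r8168
ifconfig eth0 192.168.0.5
ifconfig eth1 192.168.1.5

# -F: stay in the foreground, so the script blocks here until dropbear is killed
# -E: log to stderr, -j/-k: disable local/remote port forwarding, -m: no motd
/usr/sbin/dropbear -FEjkm

# the LUKS mapping must have been opened over ssh by now; reboot if not
mount -o ro /dev/mapper/root /mnt/root || /bin/reboot -f

#---clean up---
rmmod r8168
umount /dev/pts
umount /proc
umount /sys
umount /dev
exec switch_root /mnt/root /sbin/init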


then boot, ssh to dropbear and run:
Code:
/sbin/cryptsetup -T 5 luksOpen /dev/sda2 root
/bin/killall dropbear


If the cryptsetup mount is OK the system will boot; otherwise the system will reboot and I can start over again.

Hope this will be helpful to someone.
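A pre-pack audit of the staged tree described in the post above, as an added example that is not part of the original post. The initramfs is read at boot before the LUKS volume is opened, so the checks cover what the post copies into it: host-key and shadow permissions, root-only passwd/shadow/group, root's shell and nsswitch.conf. The names `audit_initramfs` and `AUDIT_FINDINGS` are assumptions, and `stat -c` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example: audit a staged initramfs tree (e.g. /usr/src/initramfs)
# before packing it. Prints one line per finding and sets AUDIT_FINDINGS.

audit_initramfs() {
    root=$1
    AUDIT_FINDINGS=0
    fail() { echo "FAIL: $*"; AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)); }

    # 1. Dropbear host keys must be readable by the owner only (mode 600).
    for key in "$root"/etc/dropbear/*_host_key; do
        [ -f "$key" ] || { fail "no host key in etc/dropbear"; break; }
        mode=$(stat -c %a "$key")
        [ "$mode" = 600 ] || fail "$key has mode $mode, expected 600"
    done

    # 2. shadow holds root's password hash: no permission bits for "other".
    mode=$(stat -c %a "$root/etc/shadow" 2>/dev/null) || mode=missing
    case $mode in
        *0) ;;
        *)  fail "etc/shadow has mode $mode, expected e.g. 640" ;;
    esac

    # 3. Only root may exist in passwd, shadow and group.
    for f in passwd shadow group; do
        extra=$(grep -vc '^root:' "$root/etc/$f" 2>/dev/null) || true
        [ "${extra:-1}" -eq 0 ] || fail "etc/$f: ${extra:-?} non-root lines (or file missing)"
    done

    # 4. An empty password field in shadow means passwordless root login.
    grep -q '^root::' "$root/etc/shadow" 2>/dev/null &&
        fail "etc/shadow: root has an empty password field"

    # 5. root's login shell must exist inside the tree.
    shell=$(awk -F: '$1 == "root" { print $7 }' "$root/etc/passwd" 2>/dev/null)
    [ -n "$shell" ] && [ -e "$root$shell" ] || fail "root shell '$shell' not in tree"

    # 6. Name lookups must use local files only.
    for db in passwd shadow group; do
        grep -Eq "^$db:[[:space:]]*files[[:space:]]*$" "$root/etc/nsswitch.conf" 2>/dev/null ||
            fail "nsswitch.conf: $db is not 'files'"
    done

    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Run against a tree given on the command line, e.g. /usr/src/initramfs.
if [ "$#" -gt 0 ]; then audit_initramfs "$1"; fi
```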
foobar23
n00b


Joined: 10 Jun 2011
Posts: 3

Posted: Sat Jan 25, 2014 3:32 pm    Post subject:

Thank you very much!