Zubziro Apprentice
Joined: 21 Sep 2005 Posts: 248 Location: Sweden
Posted: Sat Jun 01, 2013 2:28 pm Post subject: initramfs + sshd + luks [solved]
Hi
I need help building an initramfs with sshd + luks support to remotely mount root.
Does anyone have this setup up and running?
/thanks
Last edited by Zubziro on Thu Jun 06, 2013 11:17 am; edited 1 time in total
Zubziro Apprentice
Joined: 21 Sep 2005 Posts: 248 Location: Sweden
Posted: Thu Jun 06, 2013 8:42 am
Hi all
I fixed it.
Followed http://whitehathouston.com/documentation/gentoo/initramfs_howto.htm to get a basic initramfs up and running,
then emerged:
Code: |
net-misc/dropbear-2012.55 USE="pam zlib -bsdpty -minimal -multicall -savedconfig -static -syslog"
|
Note '-static': static & pam together won't compile, and I couldn't get password authentication of dropbear to work without pam.
cp /usr/sbin/dropbear /usr/src/initramfs/usr/sbin
Copied some libs + NIC module from /lib to /usr/src/initramfs/lib:
Code: |
-rwxr-xr-x 1 root root 142K Jun 4 20:55 ld-2.15.so
lrwxrwxrwx 1 root root 10 Jun 6 08:41 ld-linux-x86-64.so.2 -> ld-2.15.so
-rwxr-xr-x 1 root root 1.7M Jun 4 20:55 libc-2.15.so
lrwxrwxrwx 1 root root 12 Jun 6 08:41 libc.so.6 -> libc-2.15.so
-rwxr-xr-x 1 root root 35K Jun 6 08:19 libcrypt.so.1
-rwxr-xr-x 1 root root 87K Jun 6 08:13 libnsl.so.1
-rwxr-xr-x 1 root root 51K Jun 4 20:55 libnss_files-2.15.so
lrwxrwxrwx 1 root root 20 Jun 6 08:41 libnss_files.so.2 -> libnss_files-2.15.so
-rwxr-xr-x 1 root root 11K Jun 6 08:14 libutil.so.1
lrwxrwxrwx 1 root root 13 Jun 6 08:41 libz.so.1 -> libz.so.1.2.7
-rwxr-xr-x 1 root root 87K Jun 4 20:55 libz.so.1.2.7
drwxr-xr-x 3 root root 4.0K Jun 4 20:55 modules
|
setup in /usr/src/initramfs/etc:
Code: |
drwxr-xr-x 2 root root 4.0K Jun 5 17:19 dropbear
-rw-r--r-- 1 root root 13 Jun 5 19:55 group
-rw-r--r-- 1 root root 2.1K Jun 4 20:55 ld.so.cache
-rw-r--r-- 1 root root 224 Jun 4 20:55 ld.so.conf
-rw-r--r-- 1 root root 41 Jun 6 07:57 nsswitch.conf
-rw-r--r-- 1 root root 29 Jun 6 09:21 passwd
-rw-r----- 1 root root 116 Jun 5 19:56 shadow
./dropbear:
total 8.0K
-rw------- 1 root root 457 Jun 5 17:19 dropbear_dss_host_key
-rw------- 1 root root 806 Jun 5 17:19 dropbear_rsa_host_key
|
Removed everything from passwd, shadow and group except root.
Change shell in passwd to /bin/sh
cat nsswitch.conf:
Code: |
passwd: files
shadow: files
group: files
|
populate /usr/src/initramfs/bin/
Code: |
# create one symlink per busybox applet in the initramfs bin directory
for i in $(busybox --list)
do
ln -s busybox "/usr/src/initramfs/bin/$i"
done
|
my initscript /usr/src/initramfs/init:
Code: |
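#!/bin/busybox sh
# temporarily mount proc, sys and dev
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
# devpts is needed so dropbear can allocate a pty for the SSH session
mkdir /dev/pts
mount -t devpts devpts /dev/pts
# load the NIC driver and bring up the interfaces
modprobe r8168
ifconfig eth0 192.168.0.5
ifconfig eth1 192.168.1.5
# -F: stay in foreground, -E: log to stderr, -j/-k: no local/remote port
# forwarding, -m: no motd. init blocks here until dropbear is killed.
/usr/sbin/dropbear -FEjkm
# root was opened over SSH as /dev/mapper/root; reboot if the mount fails
mount -o ro /dev/mapper/root /mnt/root || /bin/reboot -f
#---clean up---
rmmod r8168
umount /dev/pts
umount /proc
umount /sys
umount /dev
exec switch_root /mnt/root /sbin/init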
|
then boot, ssh to dropbear and run:
Code: |
/sbin/cryptsetup -T 5 luksOpen /dev/sda2 root
/bin/killall dropbear
|
If the cryptsetup mount is OK the system will boot, otherwise the system will reboot and I can start over again.
Hope this will be helpful to someone.
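A pre-build check for the staging tree described in the post above, as an added example that is not part of the original thread: the host keys, passwd and shadow files are packed into an image that is read before the LUKS volume is opened, so their modes and contents are worth verifying before the image is built. The function name `audit_initramfs` and the choice of checks are assumptions of this example; the file layout is the one listed in the post.

```shell
#!/bin/sh
# Added example, not from the original post. The layout (etc/passwd, etc/shadow,
# etc/dropbear/*_host_key) is the post's; the checks are this example's assumptions.

# Print one "FINDING:" line per problem in the staging tree $1; return 1 if any.
audit_initramfs() {
    root=$1
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # Characters 5-10 of `ls -l` output are the group and other permission bits.
    go_bits() { ls -ld "$1" | cut -c5-10; }

    # Host keys: owner-only, as in the post's listing (-rw-------).
    for key in "$root"/etc/dropbear/dropbear_*_host_key; do
        if [ ! -f "$key" ]; then
            report "no dropbear host key in etc/dropbear"
        elif [ "$(go_bits "$key")" != "------" ]; then
            report "${key#"$root"/} is accessible to group or other"
        fi
    done

    # shadow: the post uses -rw-r-----; anything granted to "other" is a finding.
    if [ ! -f "$root/etc/shadow" ]; then
        report "etc/shadow is missing"
    else
        case $(go_bits "$root/etc/shadow") in
            ???---) ;;
            *) report "etc/shadow is accessible to other" ;;
        esac
        # An empty second field means root has no password set.
        pwfield=$(awk -F: '$1 == "root" { print $2 }' "$root/etc/shadow")
        [ -n "$pwfield" ] || report "root has an empty password field in etc/shadow"
    fi

    # passwd: the post keeps only root, with /bin/sh as the shell.
    extra=$(awk -F: '$1 != "root" && NF { print $1 }' "$root/etc/passwd" 2>/dev/null)
    [ -z "$extra" ] || report "extra accounts in etc/passwd:" $extra
    shell=$(awk -F: '$1 == "root" { print $7 }' "$root/etc/passwd" 2>/dev/null)
    [ "$shell" = "/bin/sh" ] || report "root shell is '${shell}', expected /bin/sh"

    [ "$findings" -eq 0 ]
}
```

Call it as `audit_initramfs /usr/src/initramfs` before packing the image; a non-zero return means at least one finding was printed.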
foobar23 n00b
Joined: 10 Jun 2011 Posts: 3
Posted: Sat Jan 25, 2014 3:32 pm
Thank you very much!