On Sun, Jun 28, 2015 at 07:46:11PM CEST, Christian Seiler <christ...@iwakd.de> said:
> On 06/23/2015 06:52 PM, Christian Seiler wrote:
> > On 06/23/2015 12:59 PM, Erwan David wrote:
> >> Note that I use policy-rc.d to check whether the encrypted disk is
> >> mounted for the daemons that need it (it allows not changing the init
> >> files)
> > 
> > That works? policy-rc.d should only affect invoke-rc.d, which shouldn't
> > be relevant at boot, but only in maintainer scripts. (AFAIK at least.)
> > 
> >> For what I need to know: I have a headless machine with an encrypted disk.
> >> I cannot ask the password on console, so
> >> 1) at boot I do not mount the encrypted disk, and start a minimal set
> >> of daemons, among them the ssh daemon.
> >>
> >> 2) I ssh to the machine then mount encrypted disk and start remaining
> >> daemons.
> >>
> >> How can I do this with systemd ?
> > 
> > This is a great question because it presents a nice little problem that
> > covers quite a few topics regarding systemd. I've sat down and
> > solved your little problem from a systemd perspective, and hopefully my
> > solution will help you in understanding how systemd works.
> 
> In case anybody is interested: since I've put quite a bit of work into
> implementing / testing this, I've now written it up as a blog post
> (typeset better than an email). I've also put in a couple of links,
> and especially also mentioned that ideally, one would want to do this
> from the initrd and not from a running systemd, see [1] for example.
> Still, since it tackles a couple of systemd concepts and how they
> interact with each other, it could be useful just for furthering
> understanding, so here it is:
> 
> https://blog.iwakd.de/headless-luks-decryption-via-ssh
> 
> Christian
> 
> [1] https://projectgus.com/2013/05/encrypted-rootfs-over-ssh-with-debian-wheezy/
> (Even though the URL says Wheezy, it's been updated to also support
> Jessie.)
> 


Thanks. I have not yet had the opportunity to test (I am on holiday, on a
phone); I will keep your blog address.

