On Wed, Sep 26, 2018 at 06:14:42PM +0200, deloptes wrote:
> So how can we do it with initram and without some external key server? Imagine I have only boot not encrypted on the server. I want to boot the machine and get a prompt via SSH or something like SSH, where I can type in the password and decrypt root and all other volumes. I do not want to store a password or anything sensitive in the boot directory. I can imagine a one-time SSH created when you try to log in, but it is still not secure enough.

What you describe is exactly how the dropbear/initramfs integration works. The data stored in /boot is the initramfs, and within that, the only material you might consider sensitive is an SSH server keypair (public&private) for the SSHD instance in the initramfs environment - this does not need to be the same as for your running system; and an authorized_keys file, containing your SSH *public* key. Are those too sensitive for you?

I suspect you could probably do without the SSHD public/private keypair and have the initramfs environment generate a new pair each time, but then you'd have no chain of trust for connecting to it; so you have to weigh up those two scenarios.

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.
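
The host-key trade-off described in the message above, as an added example that is not part of the original thread: a client pins the SHA256 fingerprint of the initramfs SSH host key and refuses to send the disk passphrase when the presented key differs. The key bytes, comments and function names are constructed for illustration and are not real keys or dropbear code.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def make_pubkey_line(raw32: bytes, comment: str) -> str:
    """Build an OpenSSH-style ssh-ed25519 public key line from 32 constructed bytes."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint in the 'SHA256:<unpadded base64>' form that ssh-keygen -l prints."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_trusted(presented_line: str, pinned_fp: str) -> bool:
    """True only if the presented host key matches the fingerprint pinned out of band."""
    try:
        return hmac.compare_digest(fingerprint(presented_line), pinned_fp)
    except (ValueError, IndexError):
        return False  # malformed key line: treat as untrusted


# Scenario 1: the host keypair lives in the initramfs and is the same on every boot.
PERSISTENT = make_pubkey_line(bytes(range(32)), "initramfs-host-key")
PINNED = fingerprint(PERSISTENT)  # recorded once by the admin over a trusted channel

# Scenario 2: the initramfs generates a fresh keypair on each boot, so the client
# sees a key it has never pinned and cannot tell it apart from an impostor's key.
REGENERATED = make_pubkey_line(bytes(range(32, 64)), "generated-at-boot")

if __name__ == "__main__":
    for label, key in (("persistent", PERSISTENT), ("regenerated", REGENERATED)):
        verdict = "send passphrase" if host_key_trusted(key, PINNED) else "abort"
        print(f"{label:12s} {fingerprint(key)} -> {verdict}")
```
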