hi!
i've updated the patch to 0.51-1.
also when using the patch with a current lenny, i found out that at some time
after etch the bsd/legacy ptys were removed from the kernel config. so i added
mounting devpts (if available) to the initramfs.
i also added:
- killing the dropbear parent process
hi!
Hi, if I understand the concept correctly, the initial ramdisk isn't
encrypted, and holds the ssh host key. Doesn't this enable an attacker
to steal the cryptroot passphrase?
that's correct.
if the attacker has physical access to the host, the host key can be
stolen. this could be used f
On Fri, Feb 15, 2008 at 03:47:45PM +0100, [EMAIL PROTECTED] wrote:
> this patch is part of three patches (initramfs-tools, cryptsetup, dropbear)
> which enable mkinitramfs to create initramfss that provide the ability to
> log in and unlock a cryptroot during the boot process from remote via ssh.
I don't think Recommends is appropriate for the general
case - it's meant for packages used in "all but unusual
installations" (from the policy manual) isn't it?
ok, i'm not too familiar with the interpretation of the policy, so i
tend to just beleive you if you say so.
The key generation sho
I don't think Recommends is appropriate for the general
case - it's meant for packages used in "all but unusual
installations" (from the policy manual) isn't it?
The key generation should be able to be performed using
dropbearkey (and /usr/lib/dropbear/dropbearconvert if
required), without needin
relating reports:
initramfs-tools: 465901
cryptsetup: 465902
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package: dropbear
Version: 0.50-2
Severity: wishlist
Tags: patch
this patch is part of three patches (initramfs-tools, cryptsetup,
dropbear) which enable mkinitramfs to create initramfss that provide the
ability to log in and unlock a cryptroot during the boot process from
remote via ssh.
in
7 matches
Mail list logo
