Date: Wed, 20 Feb 2013 09:32:58 +0100 (CET)
From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
To: Paul Schenkeveld <freebsd@psconsult.nl>
Cc: hackers@freebsd.org
Subject: Re: Chicken and egg, encrypted root FS on remote server
Message-ID: <alpine.BSF.2.00.1302200931440.27094@wojtek.tensor.gdynia.pl>
In-Reply-To: <20130220065810.GA25027@psconsult.nl>
References: <20130220065810.GA25027@psconsult.nl>

> Geli can ask for a root password at the console to unlock the root fs
> but that of course won't work for a remote server.
>
> Ideally I'd like the server to start, do minimal network config, run
> a minimal ssh client (dropbear?) and wait for someone to log in,
> provide the passphrase to unlock the root filesystem and then mount
> the root filesystem and do a normal startup.
> I read about a pivotroot call in other OS-es, that would allow for a

too much complexity.

just make simple small partition with OS installed, and just sshd and
maybe few (not requiring security) things services running, then log in,
geli attach main partition, fsck and mount and then run other services.

make script for it.

that's all
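
The procedure described in the reply above (log in, geli attach, fsck, mount, start the other services), as an added example script that is not part of the original message. The device name, mount point, UFS filesystem and service names are assumptions, and the `DRY_RUN` switch is a hypothetical helper for checking the command sequence before using it on a real machine.

```sh
#!/bin/sh
# Added example: unlock script kept on the small unencrypted system partition.
# PROVIDER, MOUNTPOINT and SERVICES are assumed values; adjust to your layout.
PROVIDER="${PROVIDER:-/dev/ada0p3}"       # assumed geli-encrypted partition
MOUNTPOINT="${MOUNTPOINT:-/data}"         # assumed mount point
SERVICES="${SERVICES:-postgresql nginx}"  # assumed services that need the data

# run: execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

unlock_main() {
    # Attach only if the decrypted device node is not already present.
    # geli prompts for the passphrase on the ssh session's terminal, so it
    # never appears in argv, the environment or a file on the clear partition.
    if [ ! -e "${PROVIDER}.eli" ]; then
        run geli attach "$PROVIDER" || { echo "geli attach failed" >&2; return 1; }
    fi

    # Preen the filesystem (UFS assumed). On failure, detach again so the
    # key does not stay loaded, and stop before anything is mounted.
    if ! run fsck -t ufs -p "${PROVIDER}.eli"; then
        echo "fsck failed, detaching ${PROVIDER}.eli" >&2
        run geli detach "${PROVIDER}.eli"
        return 2
    fi

    run mount "${PROVIDER}.eli" "$MOUNTPOINT" || return 3

    # These services are not enabled in rc.conf, so boot never starts them
    # without their data; "onestart" starts them regardless of that setting.
    for svc in $SERVICES; do
        run service "$svc" onestart || echo "warning: $svc did not start" >&2
    done
}

# Only act when invoked as: unlock.sh unlock
if [ "${1:-}" = "unlock" ]; then
    unlock_main
fi
```

Running it once with `DRY_RUN=1` prints the commands without touching any device.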