Jip-Hop / sedunlocksrv-pba

Conveniently unlock your Self Encrypting Drive on startup (via HTTPS) without the need to attach monitor and keyboard
GNU General Public License v3.0

Adjustments necessary for SSH unlock #24

Closed (decafgeek closed 5 months ago)

decafgeek commented 7 months ago

Hello,

I ran into some issues trying to get the SSH server working for remote unlock. It looks like dropbear (and openssh as well) expect specific permissions on the directories and files related to authorized_keys, or they will bail with a very uninformative error message related to "publickey". I exclusively used the Docker method to build, so perhaps this isn't encountered on a 'real' build environment.

To fix this I had to replace lines 142-144 of build.sh with the following:

mkdir -p "${TMPDIR}/core/home/tc/.ssh"
cp ./ssh/authorized_keys "${TMPDIR}/core/home/tc/.ssh/"
chown -R 1001 "${TMPDIR}/core/home/tc/.ssh"
chmod 700 "${TMPDIR}/core/home/tc/.ssh"
chmod 600 "${TMPDIR}/core/home/tc/.ssh/authorized_keys"
cp ./ssh/ssh_sed_unlock.sh "${TMPDIR}/core/home/tc/"

I can do a pull request if you'd like but it seemed overkill for these trivial changes.
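
An added example, not part of the issue or of build.sh: a check that could run on the staged tree before packaging, to catch the ownership and mode problems described above while the build is still running rather than at login time. The function names are hypothetical, GNU stat is assumed, and checking the home directory itself (in addition to .ssh and authorized_keys) is this example's choice, since both daemons inspect it as well.

```shell
#!/bin/sh
# Added example, not part of build.sh. Audits a staged home directory for the
# ownership/mode checks dropbear and OpenSSH apply before trusting
# authorized_keys. Assumes GNU stat; function names are hypothetical.

# check_path PATH EXPECTED_UID: fail if PATH is missing, owned by a uid other
# than EXPECTED_UID or root, or writable by group or others.
check_path() {
    path=$1; want_uid=$2; rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    owner=$(stat -c '%u' "$path")
    mode=$(stat -c '%a' "$path")
    if [ "$owner" != "$want_uid" ] && [ "$owner" != "0" ]; then
        echo "OWNER   $path: uid $owner, expected $want_uid or 0"
        rc=1
    fi
    # Leading 0 makes the shell read the mode as octal; 022 = g+w and o+w.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "MODE    $path: $mode is group- or world-writable"
        rc=1
    fi
    return $rc
}

# check_ssh_perms HOME_DIR EXPECTED_UID: check the home directory, .ssh and
# authorized_keys, reporting every problem rather than stopping at the first.
check_ssh_perms() {
    home=$1; uid=$2; failed=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || failed=1
    done
    return $failed
}

# Usage: sh check_perms.sh "${TMPDIR}/core/home/tc" 1001
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

A non-zero exit status means at least one of the three paths would cause the key to be rejected; each offending path is printed with the reason.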

Jip-Hop commented 7 months ago

Thanks for letting me know! A pull request would be great :)