ceremcem / unlock-luks-partition

Unlock a LUKS partition via SSH

Not Working for Debian Stretch #1

Closed makorne closed 5 years ago

makorne commented 6 years ago

The standard network installer (https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.4.0-amd64-netinst.iso) doesn't install the plymouth package, and if it is installed manually, it doesn't unlock the LUKS partition.

ceremcem commented 6 years ago

> and if it is installed manually it doesn't unlock the luks partition.

What happens when you install plymouth manually? Are you unable to unlock your boot partition even with a physical keyboard? (That shouldn't happen.)

Aside from the above question, can you connect to your target (which has the encrypted disk) with SSH? If "yes", try to unlock your disk manually:

echo -ne mysecretpassword > /lib/cryptsetup/passfifo

Your target should continue booting.

If everything goes well till this point, you may consider replacing your /etc/initramfs-tools/hooks/crypt_unlock.sh with the following content: (note: not tested, taken from here)

#!/bin/sh

PREREQ=""
prereqs()
{
  echo "$PREREQ"
}
case $1 in
  prereqs)
    prereqs
    exit 0
    ;;
esac

. /usr/share/initramfs-tools/hook-functions

cat > "${DESTDIR}/root/unlock" << EOF
#!/bin/sh
/lib/cryptsetup/askpass 'passphrase: ' > /lib/cryptsetup/passfifo
EOF

chmod u+x "${DESTDIR}/root/unlock"

exit 0

...which doesn't depend on plymouth.
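Added example, not part of the original thread or the howto: a variant of the manual unlock above that reads the passphrase from stdin instead of the command line and refuses to write unless the target is really a FIFO, since a plain `>` redirect to a missing path would create a regular file holding the passphrase. The function name `send_passphrase` is hypothetical, and `stty` is assumed to be available for the interactive case.

```sh
#!/bin/sh
# Added example: the function name is hypothetical; only the FIFO path
# /lib/cryptsetup/passfifo comes from the thread.

# send_passphrase FIFO_PATH
# Reads one line from stdin and writes it, without a trailing newline,
# to FIFO_PATH. Returns 2 if the path is not a FIFO, 3 if the line is empty.
send_passphrase() {
  fifo=$1

  # If nothing is waiting at the askpass stage the FIFO does not exist,
  # and a redirect would leave the passphrase in a regular file.
  if [ ! -p "$fifo" ]; then
    echo "refusing: $fifo is not a FIFO" >&2
    return 2
  fi

  if [ -t 0 ]; then
    # Interactive use: prompt and turn terminal echo off while typing.
    printf 'passphrase: ' >&2
    saved=$(stty -g)
    stty -echo
    IFS= read -r pass || :
    stty "$saved"
    echo >&2
  else
    # Piped input: read returns non-zero at EOF without a newline,
    # but still fills the variable.
    IFS= read -r pass || :
  fi

  if [ -z "$pass" ]; then
    echo "refusing: empty passphrase" >&2
    return 3
  fi

  # printf '%s' writes exactly the passphrase bytes (same intent as echo -n).
  printf '%s' "$pass" > "$fifo"
  unset pass
}

# Run against the real FIFO only when asked to explicitly.
if [ "${1:-}" = "--unlock" ]; then
  send_passphrase /lib/cryptsetup/passfifo
fi
```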

makorne commented 6 years ago

Even after a full install of https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.4.0-amd64-xfce-CD-1.iso, the system doesn't have plymouth:

find / -name plymouth
/usr/share/plymouth
/usr/share/desktop-base/lines-theme/plymouth
/usr/share/desktop-base/joy-theme/plymouth
/usr/share/desktop-base/spacefun-theme/plymouth
/usr/share/desktop-base/joy-inksplat-theme/plymouth
/usr/share/desktop-base/softwaves-theme/plymouth
# ls /bin/plymouth
ls: cannot access '/bin/plymouth': No such file or directory

makorne commented 6 years ago

I'm trying to install Stretch over SSH (risque -> kvm with installer -> shell for dropbear setup). I did so for Jessie before, but it doesn't work for Stretch.

The https://danrl.com/blog/2015/debian-jessi-ssh-fde-unlock/ script cannot work because dropbear packages have changed

need:
# rm /etc/initramfs-tools/root/.ssh/id_rsa
# rm /etc/initramfs-tools/root/.ssh/id_rsa.pub
# rm /etc/initramfs-tools/root/.ssh/id_rsa.dropbear

After installing dropbear, find / -name id_rsa is empty.

There is no root dir anymore:

# ls /etc/initramfs-tools/
conf.d hooks initramfs.conf modules scripts update-initramfs.conf

ceremcem commented 6 years ago

> I'm trying to install Stretch over ssh ( risque->kvm with installer -> shell for dropbear setup) I did so for Jessie before but it doesn't work for Stretch

Installing the target system is not in the scope of this "How To". You need to install your target system, and then you should implement the remote disk unlocking feature.

> The https://danrl.com/blog/2015/debian-jessi-ssh-fde-unlock/ script cannot work because dropbear packages have changed

"Can not work" or "Is not working"? It should work, because these directories are created dynamically at the initramfs stage.

First things first

You should make the following clear:

  1. Can you SSH to your target at the initramfs stage?
  2. Can you unlock your disk "manually"? (described in my previous post)

makorne commented 6 years ago

1) Yes 2) Yes, but can't log in. Now trying to reinstall again :)

ceremcem commented 6 years ago

Sorry for the delay, but there seems to be an issue with GitHub, since there was no notification regarding your last comment.

If the answers to both 1 and 2 are "yes", then this howto can be considered as "doing its job".

I bet reinstalling has resolved the login issue. Can we close the issue?

ceremcem commented 5 years ago

Closing due to inactivity. You can re-open anytime.