Set of shell scripts to allow unlocking of full disk encrypted Ubuntu and Debian installs through console, USB-key or SSH.
Use at your own risk, I'm not responsable for any damage this script might do to your system, make backups, make sure you have a safe boot option, test it in a VM first... etc. etc.
Tested on:
Usage:
sudo apt-get install -y git-core
git clone --depth 1 https://github.com/chadoe/luks-triple-unlock.git && cd luks-triple-unlock
sudo ./install.sh [keyfile]
, it will ask you for the passphrase for the luks drive, keyfile is a path to a file you want to use as a key for the luks volume, this file will be read from an USB flash drive ext(2/3/4)/fat32/ntfs partition on boot. If no keyfile provided on the commandline a file .keyfile
will be generated in the current directory. sudo reboot
Ways to unlock your machine:
Optional:
PKGOPTION_dropbear_OPTION="-s -p 22"
, -s disallows password logins, -p set the ssh port.# See http://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt.
#IP=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>
#IP=10.10.1.199::10.10.1.1:255.255.255.0::eth0:off
#IP=192.168.1.99::192.168.1.1:255.255.255.0::wlan0:off
#IP=192.168.1.99::192.168.1.1:255.255.255.0::wlan0:dhcp
#IP=:::::wlan0:dhcp
#IP=dhcp
sudo update-initramfs -u -k $(uname -r)
to apply the changes.