stupidpupil / https-keyscript

Allow a machine with an encrypted boot drive to passwordlessly boot by fetching a key over HTTPS.
GNU General Public License v3.0

questions about cryptsetup modifications #9

Open jotrocken opened 4 years ago

jotrocken commented 4 years ago

Sorry for some questions about the script; I don't have much experience with code on GitHub. First of all, I'm not sure about the changes in the crypttab file. Before installing the script this file looked like this:

# old version without https-keyscript
sda6_crypt UUID=5ed84861-73f9-4e2a-bf56-359c2142e717 none luks,discard

How to implement step 5? Is it something like this?

# new WITH https-keyscript
sda6_crypt UUID=5ed84861-73f9-4e2a-bf56-359c2142e717 none luks,discard,keyscript=wget_or_ask,initramfs somepassphrase:https://example.org/encrypted_keyfile

Is there something missing before "somepassphrase:...", e.g. a field name like "key file" or something?

Furthermore, I have a question about the fallback to asking for a password if the keyfile is not found. Is the password "somepassphrase" meant, or another password from another LUKS keyslot? Must "somepassphrase" be changed to the password I would like to use, or is it a field or option name?

I don't use the keyscript on a server but on my home desktop computer, which is connected to the internet by wifi. Is there already a wifi connection on boot so the script can query over https?

Thanks for helping a beginner :)

stupidpupil commented 4 years ago

Apologies for the slow response, and possibly not being that helpful...

Step 5

What you've written for Step 5 looks right. The fields are separated in the file by spaces or tabs, and the last entry is the "keyfile" field - no need for a field name.

The somepassphrase bit is the passphrase that you used in Step 1 to encrypt the keyfile. The script downloads the encrypted keyfile, decrypts it and then uses the decrypted keyfile to unlock the LUKS volume.

I should really rework some of this to be handled by a helper script, walking users through the process! Will think how to do this.

Fallback

This isn't somepassphrase; it is whatever you have in the LUKS keyslots for that drive.

Wifi

The short answer is: I don't know, but I bet it's a bit tricky compared to wired connections.

This person seems to have managed it, but I do wonder if there might be a better approach.

It doesn't help, to be honest, that the way I'm currently handling network setup is a bit of a mess that I need to revisit and do "the right way".
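An added example written for this thread, not code from the https-keyscript project: a minimal keyscript in the shape of wget_or_ask that shows the three things the answers above describe, namely the "somepassphrase:https://..." key field being split at its first colon, the download, decrypt, then hand-the-key-to-cryptsetup flow from the Step 5 answer, and the fallback from the Fallback answer, which prompts for a passphrase held in one of the volume's LUKS keyslots rather than for somepassphrase. The keyscript contract it follows (the crypttab key field arrives as $1 and $CRYPTTAB_KEY, the key is written to stdout, and /lib/cryptsetup/askpass is the prompt tool) is Debian's crypttab(5) convention. Everything else is an assumption made for this example: AES-256-CBC via `openssl enc` with a marker line, so that a wrong passphrase is detected rather than feeding garbage to cryptsetup, stands in for however Step 1 of the project encrypts the keyfile; file:// URLs are read from the local disk so the script can be run offline; and $ASKPASS overrides the prompt program for testing.

```shell
#!/bin/sh
# Added example, not https-keyscript's own code. A keyscript in the shape of
# "wget_or_ask" following Debian's crypttab(5) keyscript contract: the crypttab
# key field is passed as $1 (also $CRYPTTAB_KEY) and whatever is written to
# stdout is used by cryptsetup as the key.
#
# Assumptions (not from the original page):
#   - the keyfile was encrypted with openssl enc -aes-256-cbc -pbkdf2, with a
#     marker line prepended, as a stand-in for the project's Step 1
#   - file:// URLs are copied from the local filesystem (offline demo);
#     anything else is fetched with wget
#   - the fallback prompt is /lib/cryptsetup/askpass, overridable via $ASKPASS

MAGIC='keyfile-example-v1'          # assumed marker, detects a wrong passphrase
MAGIC_LEN=$(( ${#MAGIC} + 1 ))      # marker plus its newline, in bytes

# Key field looks like: somepassphrase:https://example.org/encrypted_keyfile
# Split at the FIRST colon only; the "://" inside the URL must stay intact.
key_passphrase() { printf '%s\n' "${1%%:*}"; }
key_url()        { printf '%s\n' "${1#*:}"; }

# Step 1 stand-in: encrypt the raw LUKS keyfile under a passphrase. The
# passphrase goes through the environment, not argv, so it is not in `ps`.
encrypt_keyfile() {  # encrypt_keyfile <plain-keyfile> <passphrase> <out>
    { printf '%s\n' "$MAGIC"; cat -- "$1"; } |
        KEYPW=$2 openssl enc -aes-256-cbc -pbkdf2 -salt -pass env:KEYPW -out "$3"
}

# CBC has no integrity check, so verify the marker before trusting the output.
decrypt_keyfile() {  # decrypt_keyfile <encrypted> <passphrase> <out>
    KEYPW=$2 openssl enc -d -aes-256-cbc -pbkdf2 -pass env:KEYPW \
        -in "$1" -out "$3.raw" 2>/dev/null || return 1
    [ "$(head -c "$MAGIC_LEN" "$3.raw")" = "$MAGIC" ] || return 1
    tail -c +$(( MAGIC_LEN + 1 )) "$3.raw" > "$3"
}

fetch_keyfile() {    # fetch_keyfile <url> <out>
    case $1 in
        file://*) cp -- "${1#file://}" "$2" ;;
        *)        wget -q -O "$2" -- "$1" ;;
    esac
}

wget_or_ask() {      # wget_or_ask <passphrase:URL>   -> key on stdout
    field=$1
    case $field in
        *:*) ;;
        *) echo "wget_or_ask: key field must be passphrase:URL" >&2; return 1 ;;
    esac
    pw=$(key_passphrase "$field")
    url=$(key_url "$field")

    tmpdir=$(mktemp -d) || return 1
    if fetch_keyfile "$url" "$tmpdir/enc" &&
       decrypt_keyfile "$tmpdir/enc" "$pw" "$tmpdir/key"; then
        # Emit the key only after a fully verified decryption.
        cat "$tmpdir/key"
        rm -rf "$tmpdir"
        return 0
    fi
    rm -rf "$tmpdir"

    # Fallback: what is asked for here is a passphrase from one of the LUKS
    # keyslots of the volume, NOT "somepassphrase" (which only unlocks the
    # downloaded keyfile).
    "${ASKPASS:-/lib/cryptsetup/askpass}" \
        "Could not fetch key for ${CRYPTTAB_NAME:-$field}, enter LUKS passphrase: "
}

# Run by cryptsetup: the key field is $1. Sourced for testing: no arguments.
if [ $# -gt 0 ]; then
    wget_or_ask "$1"
fi
```

Note that the script assumes the network is already up when the initramfs runs it; on a wired box that is usually arranged by the initramfs network hooks, and on wifi it is exactly the part the thread leaves open. The marker check matters in practice: without it, a wrong somepassphrase against CBC would, on a padding-lucky decryption, pass random bytes to cryptsetup instead of falling through to the prompt.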