Hi,

so far I was using "dropbear_initrd_encrypt" (see [1]) to unlock a cryptdevice remotely via SSH, which worked reasonably well. However, since the latest release of mkinitcpio it doesn't work anymore. I could fix the issues in the meantime, however it got me thinking that this could be done even better.

The main problem I have with "dropbear_initrd_encrypt" is that it sort of mixes the "dropbear" and "encryptssh" hooks. The dropbear daemon, for instance, is started in the "dropbear" hook, but killed after successfully unlocking the cryptdevice in the "encryptssh" hook. Furthermore, the "encryptssh" hook is basically a copy of the "encrypt" hook with some changes.

Now my idea so far was the following:

- Start a screen session early (using "run_earlyhook").
- Start dropbear whenever SSH access is needed, e.g. right before the "encrypt" hook itself using a separate "dropbear" hook ("run_hook" should be fine).
- Now the SSH session should be attached to the screen session, so the input/output will be "shared".
- After unlocking (run_cleanuphook) kill the screen session.

I've spent some time on this, but couldn't get it working so far. Now, before spending even more time on it, I would like to know from you what you think about it and whether or not this can be done. Are there any obvious issues I haven't thought of yet?

Unfortunately I'm not too familiar with screen, and every attempt I tried so far brings up some form of an interactive screen session with the welcome screen being shown. This brings the boot process to a "halt", where I have to exit the screen session to move on. I guess in the first step I would just like to have all output from the boot process within the initramfs shown in a screen session. Does anyone of you have some advice for me?

Using screen has the advantage that the whole output during boot will be accessible (scrollable), as screen would buffer all of it. This could be useful in case the machine won't boot beyond initramfs.

Best regards,
Karol Babioch

[1] https://aur.archlinux.org/packages/dropbear_initrd_encrypt/